CVE-2017-7673

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
References
Link Resource
http://markmail.org/message/3hshl26omwjo6c5i Mailing List Third Party Advisory
http://www.securityfocus.com/bid/99587 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-17 13:18

Updated : 2024-02-28 16:04


NVD link : CVE-2017-7673

Mitre link : CVE-2017-7673

CVE.ORG link : CVE-2017-7673


JSON object : View

Products Affected

apache

  • openmeetings
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts

CWE-326

Inadequate Encryption Strength