Vulnerability Details : CVE-2016-2379
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
Products affected by CVE-2016-2379
- cpe:2.3:a:pidgin:mxit:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2379
0.06%: Probability of exploitation activity in the next 30 days
~ 15 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2379
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N | 6.5 | 2.9 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-2379
- The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2379
- http://www.securityfocus.com/bid/91335
  Pidgin Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- https://security.gentoo.org/glsa/201701-38
  Pidgin: Multiple vulnerabilities (GLSA 201701-38), Gentoo security (Third Party Advisory)
- http://www.talosintelligence.com/reports/TALOS-2016-0122/
  Talos Website (Third Party Advisory)
- https://pidgin.im/news/security/?id=95
  Pidgin Security Advisories (Vendor Advisory)