WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-0783 Vulnerability in maven package org.apache.openmeetings:openmeetings-install

Description

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.

Remediation

References

http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code

http://openmeetings.apache.org/security.html

http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html

http://www.securityfocus.com/archive/1/537886/100/0/threaded

https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG

Related Vulnerabilities

CVE-2021-21293 Vulnerability in maven package org.http4s:blaze-core_2.11

CVE-2013-2187 Vulnerability in maven package org.apache.archiva:archiva

CVE-2023-22461 Vulnerability in npm package @mattkrick/sanitize-svg

CVE-2022-22984 Vulnerability in npm package snyk-mvn-plugin

CVE-2022-24278 Vulnerability in npm package convert-svg-core

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Vendor Advisory