CVE-2016-2379
HIGHPidgin Mxit - Inadequate Encryption Strength in Password Handling
Title source: llmDescription
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91335
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-38
Vendor Advisory x_refsource_confirm
https://pidgin.im/news/security/?id=95
Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0122/
Scores
CVSS v3
8.8
EPSS
0.0040
EPSS Percentile
31.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-326
Status
published
Products (1)
pidgin/mxit
Published
Mar 29, 2017
Tracked Since
Feb 18, 2026