Vulnerabilities > CVE-2013-1649 - Credentials Management vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
open-xchange
CWE-255
exploit available

Summary

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionOpen-Xchange Server 6 - Multiple Vulnerabilities. CVE-2013-1645,CVE-2013-1646,CVE-2013-1647,CVE-2013-1648,CVE-2013-1649,CVE-2013-1650,CVE-2013-1651. Webapps ...
idEDB-ID:24791
last seen2016-02-03
modified2013-03-15
published2013-03-15
reporterMartin Braun
sourcehttps://www.exploit-db.com/download/24791/
titleOpen-Xchange Server 6 - Multiple Vulnerabilities

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/120785/openxchange-xsstraversal.txt
idPACKETSTORM:120785
last seen2016-12-05
published2013-03-14
reporterMartin Braun
sourcehttps://packetstormsecurity.com/files/120785/Open-Xchange-6-XSS-LFI-SSRF-Hashing.html
titleOpen-Xchange 6 XSS / LFI / SSRF / Hashing

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:78479
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-78479
titleOpen-Xchange Server 6 - Multiple Vulnerabilities