Vulnerabilities > CVE-2013-5934 - Credentials Management vulnerability in Open-Xchange Appsuite

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

open-xchange

CWE-255

NVD

Published: 2013-09-25

Updated: 2013-09-25

Summary

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.

Vulnerable Configurations

Part	Description	Count
Application	Open-Xchange Open Xchange Open Xchange Appsuite 7.0.1 Open Xchange Open Xchange Appsuite 7.0.2 Open Xchange Open Xchange Appsuite 7.2.0 Open Xchange Open Xchange Appsuite 7.2.1	4

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html