CVE-2016-2379 - Inadequate Encryption Strength vulnerability in Pidgin Mxit
- Attack vector: ADJACENT_NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Brute Force: In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw brute force attacks.
- Encryption Brute Forcing: An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201701-38.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201701-38 (Pidgin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might send specially crafted data using the MXit protocol, possibly resulting in the remote execution of arbitrary code with the privileges of the process, a Denial of Service condition, or in leaking confidential information. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 96542
- published: 2017-01-17
- reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/96542
- title: GLSA-201701-38 : Pidgin: Multiple vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201701-38.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

# Plugin metadata, registered when the scanner loads the plugin.
if (description)
{
  script_id(96542);
  script_version("3.5");
  script_cvs_date("Date: 2018/11/15 11:40:29");

  script_cve_id("CVE-2016-1000030", "CVE-2016-2365", "CVE-2016-2366", "CVE-2016-2367", "CVE-2016-2368", "CVE-2016-2369", "CVE-2016-2370", "CVE-2016-2371", "CVE-2016-2372", "CVE-2016-2373", "CVE-2016-2374", "CVE-2016-2375", "CVE-2016-2376", "CVE-2016-2377", "CVE-2016-2378", "CVE-2016-2379", "CVE-2016-2380", "CVE-2016-4323");
  script_xref(name:"GLSA", value:"201701-38");

  script_name(english:"GLSA-201701-38 : Pidgin: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201701-38
(Pidgin: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Pidgin. Please review
    the CVE identifiers referenced below for details.

Impact :

    A remote attacker might send specially crafted data using the MXit
    protocol, possibly resulting in the remote execution of arbitrary code
    with the privileges of the process, a Denial of Service condition, or in
    leaking confidential information.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201701-38"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Pidgin users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=net-im/pidgin-2.11.0'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pidgin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Local checks, a Gentoo release and a package list must all be present.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

# Any installed net-im/pidgin older than 2.11.0 is flagged as vulnerable.
if (qpkg_check(package:"net-im/pidgin", unaffected:make_list("ge 2.11.0"), vulnerable:make_list("lt 2.11.0"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Pidgin");
}
```

- NASL family: Windows
- NASL id: PIDGIN_2_11_0.NASL
- description: The version of Pidgin installed on the remote Windows host is prior to 2.11.0. It is, therefore, affected by multiple vulnerabilities :
  - A NULL pointer dereference flaw exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT data, to cause a denial of service. (CVE-2016-2365)
  - Multiple out-of-bounds read errors exist when handling the MXIT protocol. A remote attacker can exploit these, via crafted MXIT data, to cause a denial of service. (CVE-2016-2366, CVE-2016-2370)
  - An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, via an invalid size for an avatar, to disclose memory contents or cause a denial of service. (CVE-2016-2367)
  - Multiple memory corruption issues exist when handling the MXIT protocol. A remote attacker can exploit these, via crafted MXIT data, to disclose memory contents or execute arbitrary code. (CVE-2016-2368)
  - A NULL pointer dereference flaw exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT packet starting with a NULL byte, to cause a denial of service. (CVE-2016-2369)
  - An out-of-bounds write error exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT data, to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2371)
  - An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, via an invalid size for a file transfer, to disclose memory contents or cause a denial of service. (CVE-2016-2372)
  - An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, by sending an invalid mood, to cause a denial of service. (CVE-2016-2373)
  - An out-of-bounds write error exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT MultiMX messages, to disclose memory contents or execute arbitrary code. (CVE-2016-2374)
  - An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT contact information, to disclose memory contents. (CVE-2016-2375)
  - A buffer overflow condition exists when handling the MXIT protocol. A remote attacker can exploit this, via a crafted packet having an invalid size, to execute arbitrary code. (CVE-2016-2376)
  - An out-of-bounds write error exists when handling the MXIT protocol. A remote attacker can exploit this, via a negative content-length response to an HTTP request, to cause a denial of service. (CVE-2016-2377)
  - A buffer overflow condition exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted data using negative length values, to cause a denial of service. (CVE-2016-2378)
  - A flaw exists in MXIT due to using weak cryptography when encrypting a user password. A man-in-the-middle attacker able to access login messages can exploit this to impersonate the user. (CVE-2016-2379)
  - An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, via a crafted local message, to disclose memory contents. (CVE-2016-2380)
  - A directory traversal flaw exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT data using an invalid file name for a splash image, to overwrite files. (CVE-2016-4323)
  - An unspecified vulnerability exists due to X.509 certificates not being properly imported when using GnuTLS. No other details are available.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 91784
- published: 2016-06-23
- reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/91784
- title: Pidgin < 2.11.0 Multiple Vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin metadata, registered when the scanner loads the plugin.
if (description)
{
  script_id(91784);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id(
    "CVE-2016-2365",
    "CVE-2016-2366",
    "CVE-2016-2367",
    "CVE-2016-2368",
    "CVE-2016-2369",
    "CVE-2016-2370",
    "CVE-2016-2371",
    "CVE-2016-2372",
    "CVE-2016-2373",
    "CVE-2016-2374",
    "CVE-2016-2375",
    "CVE-2016-2376",
    "CVE-2016-2377",
    "CVE-2016-2378",
    "CVE-2016-2379",
    "CVE-2016-2380",
    "CVE-2016-4323"
  );

  script_name(english:"Pidgin < 2.11.0 Multiple Vulnerabilities");
  script_summary(english:"Performs a version check.");

  script_set_attribute(attribute:"synopsis", value:
"An instant messaging client installed on the remote host is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Pidgin installed on the remote Windows host is prior
to 2.11.0. It is, therefore, affected by multiple vulnerabilities :

  - A NULL pointer dereference flaw exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    crafted MXIT data, to cause a denial of service.
    (CVE-2016-2365)

  - Multiple out-of-bounds read errors exist when handling
    the MXIT protocol. A remote attacker can exploit these,
    via crafted MXIT data, to cause a denial of service.
    (CVE-2016-2366, CVE-2016-2370)

  - An out-of-bounds read error exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    an invalid size for an avatar, to disclose memory
    contents or cause a denial of service. (CVE-2016-2367)

  - Multiple memory corruption issues exist when handling
    the MXIT protocol. A remote attacker can exploit these,
    via crafted MXIT data, to disclose memory contents or
    execute arbitrary code. (CVE-2016-2368)

  - A NULL pointer dereference flaw exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    crafted MXIT packet starting with a NULL byte, to cause
    a denial of service. (CVE-2016-2369)

  - An out-of-bounds write error exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    crafted MXIT data, to corrupt memory, resulting in the
    execution of arbitrary code. (CVE-2016-2371)

  - An out-of-bounds read error exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    an invalid size for a file transfer, to disclose memory
    contents or cause a denial of service. (CVE-2016-2372)

  - An out-of-bounds read error exists when handling the
    MXIT protocol. A remote attacker can exploit this, by
    sending an invalid mood, to cause a denial of service.
    (CVE-2016-2373)

  - An out-of-bounds write error exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    crafted MXIT MultiMX messages, to disclose memory
    contents or execute arbitrary code. (CVE-2016-2374)

  - An out-of-bounds read error exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    crafted MXIT contact information, to disclose memory
    contents. (CVE-2016-2375)

  - A buffer overflow condition exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    a crafted packet having an invalid size, to execute
    arbitrary code. (CVE-2016-2376)

  - An out-of-bounds write error exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    a negative content-length response to an HTTP request,
    to cause a denial of service. (CVE-2016-2377)

  - A buffer overflow condition exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    crafted data using negative length values, to cause a
    denial of service. (CVE-2016-2378)

  - A flaw exists in MXIT due to using weak cryptography
    when encrypting a user password. A man-in-the-middle
    attacker able to access login messages can exploit this
    to impersonate the user. (CVE-2016-2379)

  - An out-of-bounds read error exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    a crafted local message, to disclose memory contents.
    (CVE-2016-2380)

  - A directory traversal flaw exists when handling the
    MXIT protocol. A remote attacker can exploit this, via
    crafted MXIT data using an invalid file name for a
    splash image, to overwrite files. (CVE-2016-4323)

  - An unspecified vulnerability exists due to X.509
    certificates not being properly imported when using
    GnuTLS. No other details are available.");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=91");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=92");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=93");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=94");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=95");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=96");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=97");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=98");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=99");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=100");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=101");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=102");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=103");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=104");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=105");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=106");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=107");
  script_set_attribute(attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=108");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Pidgin version 2.11.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2368");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pidgin:pidgin");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("pidgin_installed.nasl");
  script_require_keys("SMB/Pidgin/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Install path and version come from the knowledge base (set by pidgin_installed.nasl).
path = get_kb_item_or_exit("SMB/Pidgin/Path");
version = get_kb_item_or_exit("SMB/Pidgin/Version");
fixed_version = '2.11.0';

# Report the host when the installed version is older than the fixed version.
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)
{
  port = get_kb_item("SMB/transport");
  if (empty_or_null(port))
    port = 445;

  report =
    '\n Path : ' + path +
    '\n Installed version : ' + version +
    '\n Fixed version : ' + fixed_version +
    '\n';
  security_report_v4(severity:SECURITY_HOLE, port:port, extra:report);
}
else
  audit(AUDIT_INST_PATH_NOT_VULN, "Pidgin", version, path);
```
References
- http://www.securityfocus.com/bid/91335
- http://www.talosintelligence.com/reports/TALOS-2016-0122/
- https://pidgin.im/news/security/?id=95
- https://security.gentoo.org/glsa/201701-38