CVE Vulnerabilities

CVE-2016-2379

Inadequate Encryption Strength

Published: Mar 29, 2017 | Modified: Apr 10, 2017
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
3.3 LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
5.4 MODERATE
AV:A/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
6.8 MODERATE
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
Ubuntu
LOW

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.

Weakness

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Affected Software

Name Vendor Start Version End Version
Mxit Pidgin - (including) - (including)
Pidgin Ubuntu artful *
Pidgin Ubuntu esm-apps/xenial *
Pidgin Ubuntu esm-infra-legacy/trusty *
Pidgin Ubuntu precise *
Pidgin Ubuntu trusty *
Pidgin Ubuntu trusty/esm *
Pidgin Ubuntu upstream *
Pidgin Ubuntu xenial *
Pidgin Ubuntu yakkety *
Pidgin Ubuntu zesty *

Potential Mitigations

References