CVE-2017-7673

CRITICAL9.8EPSS 0.40%

Apache OpenMeetings has Inadequate Encryption Strength

Published: 5/13/2022Modified: 11/8/2023

Description

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.

Affected packages (1)

Maven/org.apache.openmeetings:openmeetings-parent>= 1.0.0, < 3.3.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-7673
PATCHhttps://github.com/apache/openmeetings
WEBhttp://markmail.org/message/3hshl26omwjo6c5i
WEBhttp://www.securityfocus.com/bid/99587