Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1649Server vulnerability

CWE-2554 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
2.0%
top 16.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Open-xchange Server
Timeline
PublishedSep 5
Latest updateMay 17

Description

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDopen-xchange/open-xchange_server6.20.7, 6.22.0, 6.22.1+2

🔴Vulnerability Details

2
GHSA
GHSA-q2jx-6j78-675p: Open-Xchange Server before 62022-05-17
CVEList
CVE-2013-1649: Open-Xchange Server before 62013-09-05

💥Exploits & PoCs

1
Exploit-DB
Open-Xchange Server 6 - Multiple Vulnerabilities2013-03-15
CVE-2013-1649 — Open-xchange Server vulnerability | cvebase