CVE-2016-1241 — Sensitive Information Exposure in Trytond

CWE-200 — Sensitive Information Exposure8 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 59.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tryton Trytond Debian Tryton-server Tryton

Timeline

PublishedSep 7

Latest updateMay 17

Description

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

▶PyPItryton/trytond3.0.0 — 3.2.17+4

▶debiandebian/tryton-server< tryton-server 4.0.4-1 (bookworm)

▶NVDtryton/tryton3.2.16+39

🔴Vulnerability Details

GHSA

Tryton allows users to read the hashed password↗2022-05-17

▶

OSV

Tryton allows users to read the hashed password↗2022-05-17

▶

OSV

CVE-2016-1241: Tryton 3↗2016-09-07

▶

📋Vendor Advisories

Debian

CVE-2016-1241: tryton-server - Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before...↗2016

▶

💬Community

Bugzilla

CVE-2016-1241 tryton: password hashes leak to authenticated users↗2016-09-08

▶

Bugzilla

CVE-2016-1241 CVE-2016-1242 tryton: various flaws [epel-all]↗2016-09-08

▶

Bugzilla

CVE-2016-1241 CVE-2016-1242 tryton: various flaws [fedora-all]↗2016-09-08

▶