CVE-2016-4028OX Guard vulnerability

CWE-2553 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 64.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Open-xchange OX Guard
Timeline
PublishedDec 15
Latest updateMay 14

Description

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-qxh8-75pv-8vmg: An issue was discovered in Open-Xchange OX Guard before 22022-05-14
CVEList
CVE-2016-4028: An issue was discovered in Open-Xchange OX Guard before 22016-12-15
CVE-2016-4028 — Open-xchange OX Guard vulnerability | cvebase