CVE-2016-2379: Weak Encryption
First published: Wed Mar 29 2017(Updated: )
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pidgin libpurple |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2379?
CVE-2016-2379 is considered a medium severity vulnerability due to its potential to expose user credentials.
How do I fix CVE-2016-2379?
To fix CVE-2016-2379, update to the latest version of Pidgin that addresses this vulnerability.
What types of attacks are possible due to CVE-2016-2379?
CVE-2016-2379 could allow attackers to decrypt hashed passwords or gain unauthorized login access.
Who is affected by CVE-2016-2379?
Users of the Pidgin client utilizing the Mxit protocol are affected by CVE-2016-2379.
What causes CVE-2016-2379?
CVE-2016-2379 is caused by the use of weak encryption methods for password storage in the Mxit protocol.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pidgin
- canonical/pidgin libpurple