Apache OpenMeetings Predictable Password Reset Token Vulnerability (CVE-2016-0783)
Release date:
Updated on:
Affected Systems:
Apache Group OpenMeetings <3.1.1
Description:
CVE (CAN) ID: CVE-2016-0783
Apache OpenMeetings is an audio and video conferencing software.
In Apache OpenMeetings versions earlier than 3.1.1, the sendHashByUser function generates a predictable password reset token. Remote attackers can reset arbitrary user passwords by using the user name and the current system time.
<* Source: Andreas Lindh *>
Suggestion:
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG
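The weakness class described above, as an added example that is not OpenMeetings code: the page does not show how sendHashByUser builds its token, so `weak_reset_token` is an assumed stand-in for any token derived from the user name and the clock, set beside a random, hashed-at-rest, expiring, single-use token. All names, the sample timestamp handling and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime, not taken from the advisory


def weak_reset_token(username: str, now_ms: int) -> str:
    """Assumed weak pattern: the token is a pure function of guessable inputs.
    Hashing hides the inputs but adds no entropy."""
    return hashlib.sha256(f"{username}{now_ms}".encode()).hexdigest()


def derivable_from_public_inputs(token: str, username: str,
                                 around_ms: int, skew_ms: int = 2000) -> bool:
    """Audit check for a token scheme: can the token be rebuilt from nothing
    more than the user name and a small window of clock values?"""
    return any(
        hmac.compare_digest(weak_reset_token(username, t), token)
        for t in range(around_ms - skew_ms, around_ms + skew_ms + 1)
    )


class ResetTokenStore:
    """Hardened pattern: CSPRNG token, stored only as a hash, expiring, single use."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (username, expiry timestamp)

    def issue(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (username, self._clock() + TOKEN_TTL_SECONDS)
        return token  # mailed to the user; the server keeps only the hash

    def redeem(self, token: str):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop enforces single use
        if entry is None:
            return None
        username, expiry = entry
        return username if self._clock() <= expiry else None
```

Running `derivable_from_public_inputs` against tokens produced by a reset flow is a quick regression check that the generator no longer depends on the user name or timestamp.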