CVE-2016-4028

Published on: 12/15/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:58 PM UTC

CVE-2016-4028

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Ox Guard from Open-xchange contain the following vulnerability:

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker.

  • CVE-2016-4028 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
NETWORK HIGH LOW NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 3.5 - LOW

Access
Vector		 Access
Complexity		 Authentication
NETWORK MEDIUM SINGLE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
SecurityFocus www.securityfocus.com
text/html
 URL Logo BUGTRAQ 20160622 Open-Xchange Security Advisory 2016-06-22
Open-Xchange Guard Error Code Response Lets Remote Authenticated Users Obtain Authentication Information - SecurityTracker Third Party Advisory
VDB Entry
www.securitytracker.com
text/html
 URL Logo SECTRACK 1036154
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOpen-xchangeOx GuardAllrev7AllAll
  • cpe:2.3:a:open-xchange:ox_guard:*:rev7:*:*:*:*:*:*: