{"api_version":"1","generated_at":"2026-04-17T00:30:49+00:00","cve":"CVE-2016-2379","urls":{"html":"https://cve.report/CVE-2016-2379","api":"https://cve.report/api/cve/CVE-2016-2379.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-2379","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-2379"},"summary":{"title":"CVE-2016-2379","description":"The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2017-03-29 20:59:00","updated_at":"2017-04-10 22:16:00"},"problem_types":["CWE-326"],"metrics":[],"references":[{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0122/","name":"http://www.talosintelligence.com/reports/TALOS-2016-0122/","refsource":"MISC","tags":["Third Party Advisory"],"title":"Talos Website","mime":"application/octet-stream","httpstatus":"404","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/201701-38","name":"GLSA-201701-38","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"Pidgin: Multiple vulnerabilities (GLSA 201701-38) — Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/91335","name":"91335","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Pidgin Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://pidgin.im/news/security/?id=95","name":"https://pidgin.im/news/security/?id=95","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Pidgin Security Advisories","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-2379","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2379","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"2379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pidgin","cpe5":"mxit","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2379","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pidgin","cpe5":"mxit","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2016-2379","qid":"710343","title":"Gentoo Linux Pidgin Multiple Vulnerabilities (GLSA 201701-38)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2016-2379","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"91335","refsource":"BID","url":"http://www.securityfocus.com/bid/91335"},{"name":"GLSA-201701-38","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201701-38"},{"name":"https://pidgin.im/news/security/?id=95","refsource":"CONFIRM","url":"https://pidgin.im/news/security/?id=95"},{"name":"http://www.talosintelligence.com/reports/TALOS-2016-0122/","refsource":"MISC","url":"http://www.talosintelligence.com/reports/TALOS-2016-0122/"}]}},"nvd":{"publishedDate":"2017-03-29 20:59:00","lastModifiedDate":"2017-04-10 22:16:00","problem_types":["CWE-326"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:N/A:N","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3},"severity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pidgin:mxit:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"2379","Ordinal":"88226","Title":"CVE-2016-2379","CVE":"CVE-2016-2379","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"2379","Ordinal":"1","NoteData":"The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"2379","Ordinal":"2","NoteData":"2017-03-29","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"2379","Ordinal":"3","NoteData":"2017-03-30","Type":"Other","Title":"Modified"}]}}}