CVE-2016-2379

Published: Mar 29, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.

Affected (1)

Products: Pidgin: Mxit

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pidgin Mxit	All versions

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (8)

http://www.securityfocus.com/bid/91335

Source: cret@cert.org

Third Party AdvisoryVDB Entry

http://www.talosintelligence.com/reports/TALOS-2016-0122/

Source: cret@cert.org

Third Party Advisory

https://pidgin.im/news/security/?id=95

Source: cret@cert.org

Vendor Advisory

https://security.gentoo.org/glsa/201701-38

Source: cret@cert.org

Third Party Advisory

http://www.securityfocus.com/bid/91335

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.talosintelligence.com/reports/TALOS-2016-0122/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://pidgin.im/news/security/?id=95

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.gentoo.org/glsa/201701-38

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.