CVE-2016-2379

Metadata

low
3.3
pidgin
CVE-2016-2379
cve.mitre.org, talosintelligence.com, pidgin.im, security.gentoo.org
2017-03-29
2017-10-23 14:17
2017-07-20 21:30
2017-06-16 19:18
2017-05-10 23:46
2017-04-28 15:03
2017-04-14 10:20
2017-04-01 21:42
2017-03-31 22:03

Description

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
artful pidgin None
devel pidgin None
trusty pidgin None
xenial pidgin None
zesty pidgin None

Unaffected

Release Package Reason
precise pidgin ignored
precise/esm pidgin DNE
vivid/stable-phone-overlay pidgin DNE
vivid/ubuntu-core pidgin DNE
yakkety pidgin ignored

Needs Triage

Release Package Reason
upstream pidgin needs-triage