CVE-2016-4028

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker.

Se descubrió un problema en OX Guard de Open-Xchange anterior a versión 2.4.0-rev8. OX Guard utiliza un token de autenticación para identificar y transferir las credenciales de usuarios invitados. La API de OX Guard actúa como un oráculo de relleno (padding oracle) al responder con diferentes códigos de error dependiendo de si el token provisto coincide con el cifrado de relleno (encryption padding). En combinación con AES-CBC, esto permite a los atacantes adivinar el relleno correcto. Los atacantes pueden ejecutar ataques violentos en el contenido del token de autenticación del invitado y detectar las credenciales del usuario. Para un vector de ataque práctico, los usuarios invitados necesitan haber iniciado sesión, el contenido de la cookie "OxReaderID" del usuario invitado y el valor del parámetro "auth" deben ser conocidos por el atacante.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-04-15 CVE Reserved
2016-12-15 CVE Published
2024-08-06 CVE Updated
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-255: Credentials Management Errors

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/archive/1/538732/100/0/threaded	Mailing List
http://www.securitytracker.com/id/1036154	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Open-xchange Search vendor "Open-xchange"		Ox Guard Search vendor "Open-xchange" for product "Ox Guard"				<= 2.4.0 Search vendor "Open-xchange" for product "Ox Guard" and version " <= 2.4.0"		rev7		Affected