Ox Guard
CVE-2016-4028
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker.
AnalysisAI
An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-255. An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker. Affected products include: Open-Xchange Ox Guard. Version information: before 2.4.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Rated medium severity (CVSS 6.1), this vulnerability
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Rated medium severity (CVSS 6.1), this vulnerability
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Rated medium severity (CVSS 6.1), this vulnerability
An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. Rated high severity (CVSS 8.8), this vulnerability is r
OX Guard 2.10.3 and earlier allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no
Users were able to set an arbitrary "product name" for OX Guard. Rated medium severity (CVSS 5.4), this vulnerability is
OX Guard 2.10.3 and earlier allows SSRF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, l
Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject a
Same weakness CWE-255 – Credentials Management Errors
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today