How severe is CVE-2016-4028?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2016-4028?

This is classified as CWE-255, which is a common weakness in software security.

CVE-2016-4028 - HIGH Severity | CVSS 7.5

Vulnerability Description

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker.

Related Vulnerabilities

CVE-2003-1605

HIGH

CVSS:7.5(High)

curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.

CWE-2552003

CVE-2013-4786

HIGH

CVSS:7.5(High)

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attac...

CWE-2552013

CVE-2015-9240

HIGH

CVSS:7.5(High)

Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.

CWE-2552015

CVE-2016-3704

HIGH

CVSS:7.5(High)

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.

CWE-2552016

CVE-2016-5838

HIGH

CVSS:7.5(High)

WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.

CWE-2552016

CVE-2016-7030

HIGH

CVSS:7.5(High)

FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in whic...

CWE-2552016