SecuritySpace - CVE-2014-2391

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2014-2391

Description: The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-2391
Bugtraq: 20140408 Open-Xchange Security Advisory 2014-04-08 (Google Search)
http://www.securityfocus.com/archive/1/531762

CVE ID:	CVE-2014-2391
Description:	The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2391 Bugtraq: 20140408 Open-Xchange Security Advisory 2014-04-08 (Google Search) http://www.securityfocus.com/archive/1/531762