Cryptographic issues in ejabberd - CVE-2013-6169
Published: October 18, 2013 / Updated: August 10, 2020
Vulnerability identifier: #VU42460
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-6169
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: processone
Affected software: ejabberd
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.
How to mitigate CVE-2013-6169
Install the update from the vendor's website.