Cryptographic Issues Affecting org.apache.openmeetings:openmeetings-web package, versions [1.0.0,3.3.0)
Do your applications use this vulnerable package?
30 Oct 2017
17 Jul 2017
How to fix?
org.apache.openmeetings:openmeetings-web to version 3.3.0 or higher.
org.apache.openmeetings:openmeetings-web is a module for all Wicket based UI OpenMeetings components.
Affected versions of the package are vulnerable to Cryptographic Issues. Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.