CVE-2016-1241

Published: 7 September 2016

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.

Priority

CVSS 3 base score: 5.3

Status

Package	Release	Status
tryton-server Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Not vulnerable (4.0.4-1)
	cosmic	Not vulnerable (4.0.4-1)
	disco	Not vulnerable (4.0.4-1)
	eoan	Not vulnerable (4.0.4-1)
	focal	Not vulnerable (4.0.4-1)
	groovy	Not vulnerable (4.0.4-1)
	hirsute	Not vulnerable (4.0.4-1)
	impish	Not vulnerable (4.0.4-1)
	jammy	Not vulnerable (4.0.4-1)
	precise	Does not exist (precise was needs-triage)
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Released (4.0.4-1)
	xenial	Ignored (end of standard support, was needed)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)

Notes

Author	Note
ebarretto	password_hash introduced in 3.2.x

References

Bugs

https://bugs.tryton.org/issue5795

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›