Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.

Affected Packages

Maven org.apache.openmeetings:openmeetings-parent

Affected versions: 1.0.0 (fixed in 3.3.0)

Related CVEs

CVE-2017-7673

Key Information

GHSA ID

GHSA-cqm6-hrgq-6869

Published

May 13, 2022 1:47 AM

Last Modified

November 22, 2022 6:57 PM

CVSS Score

9.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.openmeetings:openmeetings-parent

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.