High severity7.5NVD Advisory· Published Apr 11, 2016· Updated May 6, 2026

CVE-2016-0783

Description

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.

Affected products

Apache/Openmeetings
cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*
Range: <=3.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

openmeetings.apache.org/security.htmlnvdPatchVendor Advisory
haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-codenvd
packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.htmlnvd
www.securityfocus.com/archive/1/537886/100/0/threadednvd
www.apache.org/dist/openmeetings/3.1.1/CHANGELOGnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000