Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1354


Vulnerability Score 4.6 4.6
CVE Id CVE-2001-1354
Last Modified 05 Sep 2008 04:26:20
Published 20 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE



NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

Vulnerable Systems


  • Netwin Dmail 2.5d

  • Netwin Dmail 2.7

  • Netwin Dmail 2.7q

  • Netwin Dmail 2.7r

  • Netwin Dmail 2.8e

  • Netwin Dmail 2.8f

  • Netwin Dmail 2.8g

  • Netwin Dmail 2.8h

  • Netwin Dmail 2.8i

  • Netwin Surgeftp 1.0b

  • Netwin Surgeftp 2.0a

  • Netwin Surgeftp 2.0b


XF - netwin-nwauth-weak-encryption(6866)

BID - 3075

BUGTRAQ - 20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows

Last Updated: 27 May 2016 10:36:38