Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1354

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2001-1354
Last Modified 05 Sep 2008 04:26:20
Published 20 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1354

Summary

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

Vulnerable Systems

Application

  • Netwin Dmail 2.5d

  • Netwin Dmail 2.7

  • Netwin Dmail 2.7q

  • Netwin Dmail 2.7r

  • Netwin Dmail 2.8e

  • Netwin Dmail 2.8f

  • Netwin Dmail 2.8g

  • Netwin Dmail 2.8h

  • Netwin Dmail 2.8i

  • Netwin Surgeftp 1.0b

  • Netwin Surgeftp 2.0a

  • Netwin Surgeftp 2.0b


References

XF - netwin-nwauth-weak-encryption(6866)

BID - 3075

BUGTRAQ - 20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows


Last Updated: 27 May 2016 10:36:38