Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0322

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-0322
Last Modified 05 Sep 2008 04:45:57
Published 02 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0322

Summary

MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.

Vulnerable Systems

Application

  • Icewarp Web Mail 5.3.0

  • Icewarp Web Mail 5.3.2

  • Merak Mail Server 7.6.0

  • Merak Mail Server 7.6.4r


References

XF - merak-icewarp-weak-password-encryption(19153)

BUGTRAQ - 20050128 Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holes


Last Updated: 27 May 2016 10:39:46