CVE-1999-1497

Published: 21/12/1999 Updated: 05/09/2008
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Ipswitch IMail 5.0 and 6.0 use weak encryption to store passwords in registry keys, which allows local malicious users to read passwords for e-mail accounts.

Vulnerable Product

ipswitch imail 5.0.8

ipswitch imail 6.0

ipswitch imail 5.0

ipswitch imail 5.0.6

ipswitch imail 5.0.5

ipswitch imail 5.0.7

Exploits

source: www.securityfocus.com/bid/880/info

IMail keeps the encrypted passwords for email accounts in a registry key, HKLM\SOFTWARE\Ipswitch\Imail\Domains\(DomainName)\Users\(UserName), in a string value called "Password". The encryption scheme used is weak and has been broken. The following description of the mechanism used is quoted from M ...

/*********************************************************************************
 * IpSwitch IMail Server <= ver 8.1 User Password Decryption
 *
 * by Adik < netmaniac hotmail KG >
 *
 * IpSwitch IMail Server uses weak encryption algorithm to encrypt its user passwords. It uses
 * polyalphabetic Vigenere cipher to encrypt its user passwords ...