SawMill 5.0.21 uses weak encryption to store passwords, which allows malicious users to easily decrypt the password and modify the SawMill configuration.
source: wwwsecurityfocuscom/bid/1403/info
Sawmill is a site statistics package for Unix, Windows and Mac OS Passwords are encrypted using a weak hash function This combined with the file disclosure vulnerability in Sawmill (bid = 1402) could allow an attacker to read the contents of sawmill's password file, then decrypt the password and ...