Published: 20/07/2001 Updated: 19/12/2017

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netwin dmail 2.8g
netwin dmail 2.8h
netwin dmail 2.8e
netwin dmail 2.8f
netwin dmail 2.7q
netwin dmail 2.7r
netwin surgeftp 2.0a
netwin surgeftp 2.0b
netwin dmail 2.5d
netwin dmail 2.7
netwin dmail 2.8i
netwin surgeftp 1.0b

source: wwwsecurityfocuscom/bid/3075/info The Netwin Authentication module, or NWAuth, is an external authentication module used by several Netwin products A simple one-way hash function is used by NWAuth to perform password encryption operations As a result, it is trivial for an attacker to compose a list of possible plaintext values ...

NVD-CWE-Other http://online.securityfocus.com/archive/1/198293 http://www.securityfocus.com/bid/3075 https://exchange.xforce.ibmcloud.com/vulnerabilities/6866 https://nvd.nist.gov https://www.exploit-db.com/exploits/21020/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2001-1354

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect