NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netwin dmail 2.8g |
||
netwin dmail 2.8h |
||
netwin dmail 2.8e |
||
netwin dmail 2.8f |
||
netwin dmail 2.7q |
||
netwin dmail 2.7r |
||
netwin surgeftp 2.0a |
||
netwin surgeftp 2.0b |
||
netwin dmail 2.5d |
||
netwin dmail 2.7 |
||
netwin dmail 2.8i |
||
netwin surgeftp 1.0b |