CVE Vulnerabilities

CVE-2001-1354

Published: Jul 20, 2001 | Modified: Dec 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

Affected Software

Name Vendor Start Version End Version
Dmail Netwin 2.5d 2.5d
Dmail Netwin 2.7 2.7
Dmail Netwin 2.7q 2.7q
Dmail Netwin 2.7r 2.7r
Dmail Netwin 2.8e 2.8e
Dmail Netwin 2.8f 2.8f
Dmail Netwin 2.8g 2.8g
Dmail Netwin 2.8h 2.8h
Dmail Netwin 2.8i 2.8i
Surgeftp Netwin 1.0b 1.0b
Surgeftp Netwin 2.0a 2.0a
Surgeftp Netwin 2.0b 2.0b

References