CVE-2006-6997

Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to weakened authentication security with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/114.html
• https://cwe.mitre.org/data/definitions/115.html
• https://cwe.mitre.org/data/definitions/151.html
• https://cwe.mitre.org/data/definitions/194.html
• https://cwe.mitre.org/data/definitions/22.html
• https://cwe.mitre.org/data/definitions/57.html
• https://cwe.mitre.org/data/definitions/593.html
• https://cwe.mitre.org/data/definitions/633.html
• https://cwe.mitre.org/data/definitions/650.html
• https://cwe.mitre.org/data/definitions/94.html

References

• http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1359.html
• http://www.mailenable.com/enterprisehistory.asp
• http://www.mailenable.com/professionalhistory.asp
• http://www.mailenable.com/standardhistory.asp
• http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1359.html
• http://www.mailenable.com/enterprisehistory.asp
• http://www.mailenable.com/professionalhistory.asp
• http://www.mailenable.com/standardhistory.asp