Inframail Discloses Passwords to Local Users
|
|
SecurityTracker Alert ID: 1007487
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 13 2003
|
Impact: Disclosure of authentication information
|
Exploit Included: Yes
|
Version(s): 5.2.6
|
Description: CyberTalon reported a vulnerability in Inframail. A local user can obtain user passwords.
It is reported that the server stores user account information, including passwords in clear text, in the '/data/accounts.txt' file. A local user can view the passwords.
|
Impact: A local user can view passwords for e-mail users.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.infradig.com/inframail/index.shtml (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: cyber talon <cyber_talon@hotmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 12 Aug 2003 03:16:56 -0300
From: cyber talon <cyber_talon@hotmail.com>
Subject: Inframail 5.2.6 Sensitive Information Disclosure
|
Inframail 5.2.6 Sensitive Information Disclosure
Found by: CyberTalon
1. Problem
2. Solution
3. Info
1. Inframail 5.2.6 stores account information in /data/accounts.txt in clear
text.
2. They need to use encryption when storing sensitive information like that.
3. Vendor URL: www.infradig.com
-CT
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus
|
|
