Inframail Discloses Passwords to Local Users
|
|
SecurityTracker Alert ID: 1007487 |
|
SecurityTracker URL: http://securitytracker.com/id/1007487
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 13 2003
|
Impact:
Disclosure of authentication information
|
Exploit Included: Yes
|
Version(s): 5.2.6
|
Description:
CyberTalon reported a vulnerability in Inframail. A local user can obtain user passwords.
It is reported that the server stores user account information, including passwords in clear text, in the '/data/accounts.txt' file. A local user can view the passwords.
|
Impact:
A local user can view passwords for e-mail users.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.infradig.com/inframail/index.shtml (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 12 Aug 2003 03:16:56 -0300
Subject: Inframail 5.2.6 Sensitive Information Disclosure
|
Inframail 5.2.6 Sensitive Information Disclosure
Found by: CyberTalon
1. Problem
2. Solution
3. Info
1. Inframail 5.2.6 stores account information in /data/accounts.txt in clear
text.
2. They need to use encryption when storing sensitive information like that.
3. Vendor URL: www.infradig.com
-CT
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus
|
|
