SecurityTracker.com Archives - IMail Server Password Encryption Algorithm Lets Local Decrypt Passwords

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (E-mail Server) > IMail Server

Vendors: Ipswitch

IMail Server Password Encryption Algorithm Lets Local Decrypt Passwords

SecurityTracker Alert ID: 1023552

SecurityTracker URL: http://securitytracker.com/id?1023552

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Feb 5 2010

Impact: Disclosure of authentication information

Exploit Included: Yes

Version(s): 11.01

Description: A vulnerability was reported in IMail Server. A local user can obtain passwords.

The IMail password decryption algorithm in 'IMailsec.dll' can be reversed. A local user can obtain passwords.

In addition, the registry configuration allows the Internet Guest account to have "Full Control" over the IMail directory.

The vendor was notified on January 21, 2010.

sinn3r from Corelan Security Team reported this vulnerability.

Impact: A local user can obtain passwords.

Solution: No solution was available at the time of this entry.

Vendor URL: www.ipswitch.com/ (Links to External Site)

Cause: Access control error

Underlying OS: Windows (2000), Windows (2003)

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2010, SecurityGlobal.net LLC