4.6

CVE-2001-1354

Exploit
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetwinDmail Version2.5d
NetwinDmail Version2.7
NetwinDmail Version2.7q
NetwinDmail Version2.7r
NetwinDmail Version2.8e
NetwinDmail Version2.8f
NetwinDmail Version2.8g
NetwinDmail Version2.8h
NetwinDmail Version2.8i
NetwinSurgeftp Version1.0b
NetwinSurgeftp Version2.0a
NetwinSurgeftp Version2.0b
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.51
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://online.securityfocus.com/archive/1/198293
Vendor Advisory
http://www.securityfocus.com/bid/3075
Vendor Advisory
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/6866