CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
26.0%
Some versions of MiraMail store username and passwords in a text file without using encryption.
MiraMail is a news server for Windows-based hosts. Versions of MiraMail up to and including 1.04 store MiraMail user data, including usernames and passwords, in unencrypted plaintext stored in a ‘.ini’ file.
Any user with access to the .ini file can learn all usernames and passwords used by MiraMail.
The CERT/CC is currently unaware of a practical solution to this problem.
None.
245707
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: February 05, 2002 Updated: August 06, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23245707 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Chris Lathem for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
CVE IDs: | CVE-2002-0110 |
---|---|
Severity Metric: | 0.81 Date Public: |