Nevrona Designs MiraMail stores all configuration and user account information in unencrypted text file

Overview

Some versions of MiraMail store username and passwords in a text file without using encryption.

Description

MiraMail is a news server for Windows-based hosts. Versions of MiraMail up to and including 1.04 store MiraMail user data, including usernames and passwords, in unencrypted plaintext stored in a ‘.ini’ file.

---

Impact

Any user with access to the .ini file can learn all usernames and passwords used by MiraMail.

---

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

---

None.

---

Vendor Information

245707

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Nevrona Unknown

Notified: February 05, 2002 Updated: August 06, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23245707 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.nevrona.com/miramail&gt;
• <http://www.securityfocus.com/bid/3843&gt;

Acknowledgements

Thanks to Chris Lathem for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs:	CVE-2002-0110
Severity Metric:	0.81 Date Public: