5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.3%
Novell GroupWise is an email storage program. Email is encrypted when stored. Usernames and passwords can be acquired by sniffing communications between the client and server.
In Novell GroupWise email is stored as encrypted data. Clients and servers operating in Live Remote or Smart Caching mode improperly set a flag. This allows an attacker sniffing communications between the client and server to acquire usernames and passwords. As a result, an attacker can read all email stored in the GroupWise system on an account by account basis. The following versions of the clients and servers are affected by a this vulnerability:
* GroupWise 5.5 Enhancement Pack
* GroupWise 5.5 Enhancement Pack SP1
* GroupWise 5.5 Enhancement Pack SP2
* GroupWise 5.5 Enhancement Pack SP3
* GroupWise 6
Any user on the system can read all emails on that system on an acount by account basis.
Novell has released a patch, available at <http://support.novell.com/padlock>. Both the client and server must have patches applied.
726891
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 06, 2001 Updated: January 28, 2002
Affected
<http://support.novell.com/padlock/details.htm>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23726891 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Our thanks to “Zig Ziggler” who reported this vulnerability to Novell and the CERT/CC.
This document was written by Jason Rafail.
CVE IDs: | CVE-2001-1231 |
---|---|
Severity Metric: | 0.17 Date Public: |