JVN#04288738: Active! mail vulnerable to information disclosure

2013-04-04T00:00:00
ID JVN:04288738
Type jvn
Reporter Japan Vulnerability Notes
Modified 2013-04-04T00:00:00

Description

## Description

Active! mail provided by TransWARE is a webmail software. Active! mail contains an information disclosure vulnerability.

## Impact

If the "external public interface" is enabled, an attacker who can log into the server may obtain users credentials.

## Solution

Restrict log-in to the server
Allow connections only from an administrator or trusted users.

Do not use the "external public interface" function
Turn off the "external public interface" if the function is not necessary.

For more information, refer to the information provided by the developer.

## Products Affected

  • Active! mail 6