Lucene search

[email protected]NVD:CVE-2001-1354

HistoryJul 20, 2001 - 4:00 a.m.

CVE-2001-1354

2001-07-2004:00:00

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

Percentile

0.4%

JSON

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

Affected configurations

Nvd

Node

netwindmailMatch2.5d

netwindmailMatch2.7

netwindmailMatch2.7q

netwindmailMatch2.7r

netwindmailMatch2.8e

netwindmailMatch2.8f

netwindmailMatch2.8g

netwindmailMatch2.8h

netwindmailMatch2.8i

netwinsurgeftpMatch1.0b

netwinsurgeftpMatch2.0a

netwinsurgeftpMatch2.0b

VendorProductVersionCPE
netwindmail2.5dcpe:2.3:a:netwin:dmail:2.5d:*:*:*:*:*:*:*
netwindmail2.7cpe:2.3:a:netwin:dmail:2.7:*:*:*:*:*:*:*
netwindmail2.7qcpe:2.3:a:netwin:dmail:2.7q:*:*:*:*:*:*:*
netwindmail2.7rcpe:2.3:a:netwin:dmail:2.7r:*:*:*:*:*:*:*
netwindmail2.8ecpe:2.3:a:netwin:dmail:2.8e:*:*:*:*:*:*:*
netwindmail2.8fcpe:2.3:a:netwin:dmail:2.8f:*:*:*:*:*:*:*
netwindmail2.8gcpe:2.3:a:netwin:dmail:2.8g:*:*:*:*:*:*:*
netwindmail2.8hcpe:2.3:a:netwin:dmail:2.8h:*:*:*:*:*:*:*
netwindmail2.8icpe:2.3:a:netwin:dmail:2.8i:*:*:*:*:*:*:*
netwinsurgeftp1.0bcpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netwin	dmail	2.5d	cpe:2.3:a:netwin:dmail:2.5d:::::::*
netwin	dmail	2.7	cpe:2.3:a:netwin:dmail:2.7:::::::*
netwin	dmail	2.7q	cpe:2.3:a:netwin:dmail:2.7q:::::::*
netwin	dmail	2.7r	cpe:2.3:a:netwin:dmail:2.7r:::::::*
netwin	dmail	2.8e	cpe:2.3:a:netwin:dmail:2.8e:::::::*
netwin	dmail	2.8f	cpe:2.3:a:netwin:dmail:2.8f:::::::*
netwin	dmail	2.8g	cpe:2.3:a:netwin:dmail:2.8g:::::::*
netwin	dmail	2.8h	cpe:2.3:a:netwin:dmail:2.8h:::::::*
netwin	dmail	2.8i	cpe:2.3:a:netwin:dmail:2.8i:::::::*
netwin	surgeftp	1.0b	cpe:2.3:a:netwin:surgeftp:1.0b:::::::*

Rows per page:

1-10 of 121

References

online.securityfocus.com/archive/1/198293

www.securityfocus.com/bid/3075

exchange.xforce.ibmcloud.com/vulnerabilities/6866

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2001-1354

cvelist1 exploitdb1 cve1