Mercury Mail Transport System Password Exposure

2003-08-12T11:53:32
ID OSVDB:2132
Type osvdb
Reporter OSVDB
Modified 2003-08-12T11:53:32

Description

Vulnerability Description

Pegasus Mail's Mercury Mail Transport System contains a flaw that allows malicious users to obtain usernames and passwords. The issue is due to the /Mercury/Mail/(username/PASSWD.PM file storing authentication credentials in cleartext.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Pegasus Mail's Mercury Mail Transport System contains a flaw that allows malicious users to obtain usernames and passwords. The issue is due to the /Mercury/Mail/(username/PASSWD.PM file storing authentication credentials in cleartext.

References:

Vendor URL: http://www.pmail.com/ Security Tracker: 1007466 Secunia Advisory ID:9511 ISS X-Force ID: 12882