First published: Fri Jul 20 2001(Updated: )
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
NetWin dmail | =2.8e | |
NetWin dmail | =2.7q | |
NetWin SurgeFTP | =1.0b | |
NetWin dmail | =2.8g | |
NetWin dmail | =2.8f | |
NetWin SurgeFTP | =2.0a | |
NetWin dmail | =2.5d | |
NetWin dmail | =2.7 | |
NetWin dmail | =2.8i | |
NetWin dmail | =2.7r | |
NetWin dmail | =2.8h | |
NetWin SurgeFTP | =2.0b |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.