CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
0.4%
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Vendor | Product | Version | CPE |
---|---|---|---|
netwin | dmail | 2.5d | cpe:2.3:a:netwin:dmail:2.5d:*:*:*:*:*:*:* |
netwin | dmail | 2.7 | cpe:2.3:a:netwin:dmail:2.7:*:*:*:*:*:*:* |
netwin | dmail | 2.7q | cpe:2.3:a:netwin:dmail:2.7q:*:*:*:*:*:*:* |
netwin | dmail | 2.7r | cpe:2.3:a:netwin:dmail:2.7r:*:*:*:*:*:*:* |
netwin | dmail | 2.8e | cpe:2.3:a:netwin:dmail:2.8e:*:*:*:*:*:*:* |
netwin | dmail | 2.8f | cpe:2.3:a:netwin:dmail:2.8f:*:*:*:*:*:*:* |
netwin | dmail | 2.8g | cpe:2.3:a:netwin:dmail:2.8g:*:*:*:*:*:*:* |
netwin | dmail | 2.8h | cpe:2.3:a:netwin:dmail:2.8h:*:*:*:*:*:*:* |
netwin | dmail | 2.8i | cpe:2.3:a:netwin:dmail:2.8i:*:*:*:*:*:*:* |
netwin | surgeftp | 1.0b | cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:* |