Lucene search
MitreCVE-2001-1354HistoryJun 11, 2002 - 4:00 a.m.
CVE-2001-1354
2002-06-1104:00:00
mitre
web.nvd.nist.gov
30
netwin
authentication module
weak password hashing
surgeftp
dmail
cve-2001-1354
nvd
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0
Percentile
0.4%
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Affected configurations
Node
netwindmailMatch2.5d
ORnetwindmailMatch2.7
ORnetwindmailMatch2.7q
ORnetwindmailMatch2.7r
ORnetwindmailMatch2.8e
ORnetwindmailMatch2.8f
ORnetwindmailMatch2.8g
ORnetwindmailMatch2.8h
ORnetwindmailMatch2.8i
ORnetwinsurgeftpMatch1.0b
ORnetwinsurgeftpMatch2.0a
ORnetwinsurgeftpMatch2.0b
| Vendor | Product | Version | CPE |
|---|---|---|---|
| netwin | dmail | 2.5d | cpe:2.3:a:netwin:dmail:2.5d:*:*:*:*:*:*:* |
| netwin | dmail | 2.7 | cpe:2.3:a:netwin:dmail:2.7:*:*:*:*:*:*:* |
| netwin | dmail | 2.7q | cpe:2.3:a:netwin:dmail:2.7q:*:*:*:*:*:*:* |
| netwin | dmail | 2.7r | cpe:2.3:a:netwin:dmail:2.7r:*:*:*:*:*:*:* |
| netwin | dmail | 2.8e | cpe:2.3:a:netwin:dmail:2.8e:*:*:*:*:*:*:* |
| netwin | dmail | 2.8f | cpe:2.3:a:netwin:dmail:2.8f:*:*:*:*:*:*:* |
| netwin | dmail | 2.8g | cpe:2.3:a:netwin:dmail:2.8g:*:*:*:*:*:*:* |
| netwin | dmail | 2.8h | cpe:2.3:a:netwin:dmail:2.8h:*:*:*:*:*:*:* |
| netwin | dmail | 2.8i | cpe:2.3:a:netwin:dmail:2.8i:*:*:*:*:*:*:* |
| netwin | surgeftp | 1.0b | cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2001-1354
2001-07-20 04:00:00
cvelist
cvelist
CVE-2001-1354
2002-06-11 04:00:00
exploitdb
exploitdb
NetWin DMail 2.x / SurgeFTP 1.0/2.0 - Weak Password Encryption
2001-07-20 00:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0
Percentile
0.4%
Related for CVE-2001-1354