CVE-2001-1354

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://online.securityfocus.com/archive/1/198293	Vendor Advisory
http://www.securityfocus.com/bid/3075	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6866

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:netwin:dmail:2.5d:::::::*
	cpe:2.3:a:netwin:dmail:2.7:::::::*
	cpe:2.3:a:netwin:dmail:2.7q:::::::*
	cpe:2.3:a:netwin:dmail:2.7r:::::::*
	cpe:2.3:a:netwin:dmail:2.8e:::::::*
	cpe:2.3:a:netwin:dmail:2.8f:::::::*
	cpe:2.3:a:netwin:dmail:2.8g:::::::*
	cpe:2.3:a:netwin:dmail:2.8h:::::::*
	cpe:2.3:a:netwin:dmail:2.8i:::::::*
	cpe:2.3:a:netwin:surgeftp:1.0b:::::::*
	cpe:2.3:a:netwin:surgeftp:2.0a:::::::*
	cpe:2.3:a:netwin:surgeftp:2.0b:::::::*

History

No history.

Information

Published : 2001-07-20 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2001-1354

Mitre link : CVE-2001-1354

CVE.ORG link : CVE-2001-1354

JSON object : View

Products Affected

netwin

surgeftp
dmail

CWE

NVD-CWE-Other

{"id": "CVE-2001-1354", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-07-20T04:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/198293", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3075", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password."}], "lastModified": "2017-12-19T02:29:36.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netwin:dmail:2.5d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF456029-C817-4FC5-AFE2-9637219E220C"}, {"criteria": "cpe:2.3:a:netwin:dmail:2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60C72EA3-5D19-44B7-AB3D-99122A470205"}, {"criteria": "cpe:2.3:a:netwin:dmail:2.7q:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "316BCDB3-3762-436F-91B2-41231A55CB96"}, {"criteria": "cpe:2.3:a:netwin:dmail:2.7r:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD266925-B677-4462-9BF6-0828FD5CBF41"}, {"criteria": "cpe:2.3:a:netwin:dmail:2.8e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5BD3CC6-5E2C-4534-925E-B81D92F18A1F"}, {"criteria": "cpe:2.3:a:netwin:dmail:2.8f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C25AB545-FCF5-42FB-801E-07DF0ADC4865"}, {"criteria": "cpe:2.3:a:netwin:dmail:2.8g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF6F3B04-6DA7-42F8-8873-7625B93523ED"}, {"criteria": "cpe:2.3:a:netwin:dmail:2.8h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F44C662D-58ED-41E0-8718-259321F9F9E9"}, {"criteria": "cpe:2.3:a:netwin:dmail:2.8i:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE745C7-C370-44FF-BAC4-EE93EE6AFC46"}, {"criteria": "cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE4FD50F-DDFA-40AD-BFCC-F606CEF450F1"}, {"criteria": "cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC94C372-7536-4692-AEA7-B58B32E2A5F1"}, {"criteria": "cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59DB045D-91F6-4AFC-8331-F2155D38D5FE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}