CVE-2001-1354

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:netwin:dmail:2.5d:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.7:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.7q:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.7r:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8e:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8f:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8g:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8h:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8i:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:*

History

No history.

Information

Published : 2001-07-20 04:00

Updated : 2024-02-04 16:31


NVD link : CVE-2001-1354

Mitre link : CVE-2001-1354

CVE.ORG link : CVE-2001-1354


JSON object : View

Products Affected

netwin

  • surgeftp
  • dmail