Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=110304957607578&w=2 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/18470 - |
Information
Published : 2005-01-10 05:00
Updated : 2024-11-20 23:49
NVD link : CVE-2004-1022
Mitre link : CVE-2004-1022
CVE.ORG link : CVE-2004-1022
JSON object : View
Products Affected
kerio
- serverfirewall
- kerio_mailserver
- winroute_firewall
CWE