CVE-2005-0322

MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=110693950205007&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19153
http://marc.info/?l=bugtraq&m=110693950205007&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19153

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:icewarp:web_mail:5.3.0:::::::*
	cpe:2.3:a:icewarp:web_mail:5.3.2:::::::*
	cpe:2.3:a:merak:mail_server:7.6.0:::::::*
	cpe:2.3:a:merak:mail_server:7.6.4r:::::::*

History

20 Nov 2024, 23:54

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=110693950205007&w=2 -~~	() http://marc.info/?l=bugtraq&m=110693950205007&w=2 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/19153 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/19153 -

Information

Published : 2005-05-02 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-0322

Mitre link : CVE-2005-0322

CVE.ORG link : CVE-2005-0322

JSON object : View

Products Affected

icewarp

web_mail

merak

mail_server

CWE

NVD-CWE-Other

{"id": "CVE-2005-0322", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110693950205007&w=2", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19153", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110693950205007&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19153", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:icewarp:web_mail:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61A3A562-CA49-4510-AE36-70D3421B1A34"}, {"criteria": "cpe:2.3:a:icewarp:web_mail:5.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EFBAF4F-2B71-4BAB-A3C2-AB7249B1F81B"}, {"criteria": "cpe:2.3:a:merak:mail_server:7.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B10B2D88-4019-4F3C-9500-482A2A9AFE97"}, {"criteria": "cpe:2.3:a:merak:mail_server:7.6.4r:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "233BAEB8-F317-4962-8907-0FE439C15EE4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10