CVE-2001-0990

Sažetak

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.

Reference

http://www.inter7.com/vpopmail/ChangeLog
http://www.securityfocus.com/archive/1/212036
http://www.securityfocus.com/bid/3284
https://exchange.xforce.ibmcloud.com/vulnerabilities/7076

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-12-2017 - 02:29

Objavljeno

04-09-2001 - 04:00