Vulnerability CVE-2001-0990


Published: 2001-09-04   Modified: 2012-02-12

Description:
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.

Type:

CWE-Other

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Inter7 -> Vpopmail 

 References:
http://www.inter7.com/vpopmail/ChangeLog
http://www.securityfocus.com/archive/1/212036
http://www.securityfocus.com/bid/3284
https://exchange.xforce.ibmcloud.com/vulnerabilities/7076

Copyright 2024, cxsecurity.com

 

Back to Top