Vulnerabilities > CVE-1999-1497 - Weak Password Encryption vulnerability in IMail

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
ipswitch
exploit available
NVD
Published: 1999-12-21
Updated: 2008-09-05

Summary

Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.

Vulnerable Configurations

Part Description Count
Application
Ipswitch
6

Exploit-Db

  • descriptionIPSwitch IMail Server <= 8.1 Local Password Decryption Utility. CVE-1999-1497. Local exploit for windows platform
    idEDB-ID:401
    last seen2016-01-31
    modified2004-08-18
    published2004-08-18
    reporterAdik
    sourcehttps://www.exploit-db.com/download/401/
    titleIPSwitch IMail Server <= 8.1 - Local Password Decryption Utility
  • descriptionIpswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 Weak Password Encryption Vulnerability. CVE-1999-1497 . Local exploit for windows platform
    idEDB-ID:19683
    last seen2016-02-02
    modified1999-12-19
    published1999-12-19
    reporterMike Davis
    sourcehttps://www.exploit-db.com/download/19683/
    titleIpswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 Weak Password Encryption Vulnerability

References