Vulnerabilities > CVE-2001-0990 - Authentication Data Recovery vulnerability in Inter7 vpopmail MySQL

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

inter7

NVD

Published: 2001-09-04

Updated: 2017-12-19

Summary

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.

Vulnerable Configurations

Part	Description	Count
Application	Inter7 Inter7 Vpopmail 3.4.1 Inter7 Vpopmail 3.4.2 Inter7 Vpopmail 3.4.3 Inter7 Vpopmail 3.4.4 Inter7 Vpopmail 3.4.5 Inter7 Vpopmail 3.4.6 Inter7 Vpopmail 3.4.7 Inter7 Vpopmail 3.4.8 Inter7 Vpopmail 3.4.9 Inter7 Vpopmail 3.4.10 Inter7 Vpopmail 3.4.11 Inter7 Vpopmail 3.4.11E Inter7 Vpopmail 4.5 Inter7 Vpopmail 4.6 Inter7 Vpopmail 4.7 Inter7 Vpopmail 4.8 Inter7 Vpopmail 4.9 Inter7 Vpopmail 4.9.10	18

Summary

Vulnerable Configurations

References