Vulnerabilities > CVE-2004-2337 - Unspecified vulnerability in Inlook

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

inlook

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.

Vulnerable Configurations

Part	Description	Count
Application	Inlook Inlook Inlook 0.6.0 Inlook Inlook 0.6.1 Inlook Inlook 0.6.2 Inlook Inlook 0.6.3 Inlook Inlook 0.6.4 Inlook Inlook 0.6.5 Inlook Inlook 0.6.6 Inlook Inlook 0.6.7 Inlook Inlook 0.6.8 Inlook Inlook 0.6.9 Inlook Inlook 0.6.10.0 Inlook Inlook 0.6.11 Inlook Inlook 0.6.12 Inlook Inlook 0.6.13 Inlook Inlook 0.6.14 Inlook Inlook 0.7.0 Inlook Inlook 0.7.1 Inlook Inlook 0.7.2 Inlook Inlook 0.7.3	19

References

http://secunia.com/advisories/10752/
http://www.osvdb.org/3771
http://www.securityfocus.com/bid/9527
https://exchange.xforce.ibmcloud.com/vulnerabilities/14990
https://sourceforge.net/project/shownotes.php?release_id=213427