Описание
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Ссылки
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:netwin:dmail:2.5d:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.7:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.7q:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.7r:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8e:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8f:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8g:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8h:*:*:*:*:*:*:*
cpe:2.3:a:netwin:dmail:2.8i:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeftp:1.0b:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*
cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00146
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
EPSS
Процентиль: 36%
0.00146
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other