Vulnerability Description
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inter7 | Vpopmail | 3.4.1 |
References
- http://www.inter7.com/vpopmail/ChangeLog
- http://www.securityfocus.com/archive/1/212036PatchVendor Advisory
- http://www.securityfocus.com/bid/3284Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7076
- http://www.inter7.com/vpopmail/ChangeLog
- http://www.securityfocus.com/archive/1/212036PatchVendor Advisory
- http://www.securityfocus.com/bid/3284Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7076
FAQ
What is CVE-2001-0990?
CVE-2001-0990 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username...
How severe is CVE-2001-0990?
CVE-2001-0990 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0990?
Check the references section above for vendor advisories and patch information. Affected products include: Inter7 Vpopmail.