Vulnerability Description
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netwin | Dmail | 2.5d |
| Netwin | Surgeftp | 1.0b |
References
- http://online.securityfocus.com/archive/1/198293 (Vendor Advisory)
- http://www.securityfocus.com/bid/3075 (Exploit, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6866
FAQ
What is CVE-2001-1354?
CVE-2001-1354 is a vulnerability with a CVSS score of 4.6 (MEDIUM). NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or us...
How severe is CVE-2001-1354?
CVE-2001-1354 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2001-1354?
Check the references section above for vendor advisories and patch information. Affected products include: Netwin Dmail, Netwin Surgeftp.