Vulnerability Description
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icewarp | Web Mail | 5.3.0 |
| Merak | Mail Server | 7.6.0 |
References
- http://marc.info/?l=bugtraq&m=110693950205007&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19153
- http://marc.info/?l=bugtraq&m=110693950205007&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19153
FAQ
What is CVE-2005-0322?
CVE-2005-0322 is a vulnerability with a CVSS score of 7.2 (HIGH). MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat fil...
How severe is CVE-2005-0322?
CVE-2005-0322 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0322?
Check the references section above for vendor advisories and patch information. Affected products include: Icewarp Web Mail, Merak Mail Server.