Weak Protection of Credentials in MiraMail 1.4 for Windows

Reported January 9, 2002, by Chris Lathem.

VERSION AFFECTED

  • Nevrona MiraMail 1.4 for Windows

 

DESCRIPTION
A vulnerability exists in Nevrona MiraMail 1.4 because the system stores all account information and variables that it uses in .ini files in plain text. Any user with access to these .ini files can steal or modify account information, passwords, and groups with impunity.

 

VENDOR RESPONSE

The vendor, Nevrona Designs, has been notified and will issue version 1.5., which will encrypt the vulnerable .ini files.

 

CREDIT
Discovered by Chris Lathem of http://www.lathemonline.com.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish