Reported January 2, 2001, by Peter Miller
The second vulnerability presents a medium security risk. By default, WinRoute Pro lets anyone use Windows NT domain credentials to access mailboxes. If you use POP3 to access mail, WinRoute Pro lets you send this information in clear text, which could lead to the compromise of your network.
Tiny Software http://www.tinysoftware.com has been notified and claims that there is no easy way to address the first issue. The company plans to address the second issue with its new version of software, expected release time of June 2001.
The original advisories released by Peter Miller to the Win2KSecAdvice mailing list are available at:
Multiple Vulnerabilities in WinRoute Pro