Reported January 9, 2002, by Chris Lathem.
VERSION AFFECTED
-
Nevrona MiraMail 1.4 for Windows
DESCRIPTION
A
vulnerability exists in Nevrona MiraMail 1.4 because the system stores all
account information and variables that it uses in .ini files in plain text. Any
user with access to these .ini files can steal or modify account information,
passwords, and groups with impunity.
VENDOR RESPONSE
The vendor, Nevrona Designs, has been notified and will issue version 1.5., which will encrypt the vulnerable .ini files.
CREDIT
Discovered by Chris
Lathem of http://www.lathemonline.com.
0 comments
Hide comments