Vulnerability Name:

CVE-1999-1497 (CCN-1901)

Assigned:1999-03-04
Published:1999-03-04
Updated:2008-09-05
Summary:Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Mon Dec 20 1999 - 23:09:51 CST
[w00giving '99 #11] IMail's password encryption scheme

Source: CCN
Type: BugTraq Mailing List, Thu, 4 Mar 1999 22:30:42 -0800
IMAIL password recovery is trivial.

Source: MITRE
Type: CNA
CVE-1999-1497

Source: MITRE
Type: CNA
CVE-2000-0019

Source: CCN
Type: OSVDB ID: 13592
Ipswitch IMail POP3 Local File Encryption Weakness

Source: CCN
Type: OSVDB ID: 9007
Ipswitch IMail Registry Key Weak Encryption Password Storage

Source: BUGTRAQ
Type: Exploit, Vendor Advisory
19991221 [w00giving '99 #11] IMail's password encryption scheme

Source: BID
Type: Exploit, Vendor Advisory
880

Source: CCN
Type: BID-880
IMail Weak Password Encryption Vulnerability

Source: XF
Type: UNKNOWN
imail-passwords(1901)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ipswitch:imail:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ipswitch:imail:6.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ipswitch:imail_server:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ipswitch imail 5.0
    ipswitch imail 5.0.5
    ipswitch imail 5.0.6
    ipswitch imail 5.0.7
    ipswitch imail 5.0.8
    ipswitch imail 6.0
    ipswitch imail server *