Vulnerability Details CVE-2001-0990
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.6%
CVSS Severity
CVSS v2 Score 4.6
References
- http://www.inter7.com/vpopmail/ChangeLog
- http://www.securityfocus.com/archive/1/212036
- http://www.securityfocus.com/bid/3284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7076
- http://www.inter7.com/vpopmail/ChangeLog
- http://www.securityfocus.com/archive/1/212036
- http://www.securityfocus.com/bid/3284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7076
Products affected by CVE-2001-0990
-
cpe:2.3:a:inter7:vpopmail:3.4.1
-
cpe:2.3:a:inter7:vpopmail:3.4.10
-
cpe:2.3:a:inter7:vpopmail:3.4.11
-
cpe:2.3:a:inter7:vpopmail:3.4.11e
-
cpe:2.3:a:inter7:vpopmail:3.4.2
-
cpe:2.3:a:inter7:vpopmail:3.4.3
-
cpe:2.3:a:inter7:vpopmail:3.4.4
-
cpe:2.3:a:inter7:vpopmail:3.4.5
-
cpe:2.3:a:inter7:vpopmail:3.4.6
-
cpe:2.3:a:inter7:vpopmail:3.4.7
-
cpe:2.3:a:inter7:vpopmail:3.4.8
-
cpe:2.3:a:inter7:vpopmail:3.4.9
-
cpe:2.3:a:inter7:vpopmail:4.5
-
cpe:2.3:a:inter7:vpopmail:4.6
-
cpe:2.3:a:inter7:vpopmail:4.7
-
cpe:2.3:a:inter7:vpopmail:4.8
-
cpe:2.3:a:inter7:vpopmail:4.9
-
cpe:2.3:a:inter7:vpopmail:4.9.10