Kerio: >> Kerio Mailserver >> 6.0.2 Security Vulnerabilities
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.
CVSS Score
2.1
EPSS Score
0.0
Published
2005-01-10
Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-01-10
Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue."
CVSS Score
10.0
EPSS Score
0.004
Published
2004-12-31
Page 2