Hmailserver: >> Hmailserver >> 5.6.9 Security Vulnerabilities
Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-07-21
An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-07-21
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-07-21