Kerio · Kerio Serverfirewall · CVE-2004-1022
Name of the Vulnerable Software and Affected Versions:
Kerio Winroute Firewall versions prior to 6.0.7
Kerio ServerFirewall versions prior to 1.0.1
Kerio MailServer versions prior to 6.0.5
Description:
The issue allows attackers to decrypt the user database and obtain passwords by extracting a secret key from within the software, due to the use of symmetric encryption for user passwords.
Recommendations:
For Kerio Winroute Firewall versions prior to 6.0.7, update to version 6.0.7 or later to resolve the issue.
For Kerio ServerFirewall versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue.
For Kerio MailServer versions prior to 6.0.5, update to version 6.0.5 or later to resolve the issue.