CVE-1999-1366

Name of the Vulnerable Software and Affected Versions: Pegasus e-mail client versions 3.0 and earlier

Description: The issue concerns the use of weak encryption to store POP3 passwords in the pmail.ini file. This weakness allows local users to easily decrypt the passwords, potentially enabling them to read e-mail.

Recommendations: For versions 3.0 and earlier, consider updating the encryption method used to store POP3 passwords to a stronger alternative. As a temporary workaround, restrict access to the pmail.ini file to minimize the risk of exploitation.