PT-2004-2021 · Kerio · Kerio Serverfirewall+2

Javier Munoz

Publicado

2004-12-15

Atualizado

2017-07-11

CVE-2004-1022

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Kerio Winroute Firewall versions prior to 6.0.7 Kerio ServerFirewall versions prior to 1.0.1 Kerio MailServer versions prior to 6.0.5

Description: The issue allows attackers to decrypt the user database and obtain passwords by extracting a secret key from within the software, due to the use of symmetric encryption for user passwords.

Recommendations: For Kerio Winroute Firewall versions prior to 6.0.7, update to version 6.0.7 or later to resolve the issue. For Kerio ServerFirewall versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. For Kerio MailServer versions prior to 6.0.5, update to version 6.0.5 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1022

Produtos afetados

Kerio Mailserver

Kerio Serverfirewall

Kerio Winroute Firewall

PT-2004-2021 · Kerio · Kerio Serverfirewall+2

CVE-2004-1022

Identificadores relacionados

Produtos afetados

Referências · 7