CVE-2004-2313

Name of the Vulnerable Software and Affected Versions: Inter7 SqWebMail versions 3.4.1 through 3.6.1

Description: The issue allows remote attackers to guess the root password via brute force attacks because Inter7 SqWebMail generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts.

Recommendations: For versions 3.4.1 through 3.6.1, consider restricting access to the login functionality to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the number of login attempts from a single IP address within a certain time frame to prevent brute force attacks.