PT-2005-1400 · Merak · Merak Mail Server
Shineshadow · Published 2005-02-10 · Updated 2017-07-11
CVE-2005-0322
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
MERAK Mail Server versions 7.6.0 through 7.6.4r
Description
MERAK Mail Server uses weak encryption for passwords stored in certain configuration files, specifically the users.cfg, settings.cfg, users.dat, or user.dat files. This weakness allows local users to extract passwords from these files.
Recommendations
For MERAK Mail Server versions 7.6.0 through 7.6.4r, consider restricting access to the users.cfg, settings.cfg, users.dat, and user.dat files to minimize the risk of password extraction. Additionally, as a temporary workaround, limit local user privileges to reduce the potential for exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers
Affected Products
Merak Mail Server