PT-1999-1686 · Pegasus · Pegasus

Published: 1999-05-15 · Updated: 2016-10-18 · CVE-1999-1366

CVSS v2.0: 3.6 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Pegasus e-mail client versions 3.0 and earlier
Description: The issue concerns the use of weak encryption to store POP3 passwords in the pmail.ini file. This weakness allows local users to easily decrypt the passwords, potentially enabling them to read e-mail.
Recommendations: For versions 3.0 and earlier, consider updating the encryption method used to store POP3 passwords to a stronger alternative. As a temporary workaround, restrict access to the pmail.ini file to minimize the risk of exploitation.


Related Identifiers

CVE-1999-1366

Affected Products

Pegasus