PT-2001-2476 · Netwin · Surgeftp+2

Published: 2001-07-20 · Updated: 2017-12-19 · CVE-2001-1354

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NetWin Authentication module (NWAuth) versions 2.0 through 3.0b
SurgeFTP (affected versions not specified)
DMail (affected versions not specified)

Description

The issue is related to weak password hashing in the NetWin Authentication module. This could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

Recommendations

For NetWin Authentication module (NWAuth) versions 2.0 through 3.0b, consider updating the password hashing mechanism to a stronger algorithm.
For SurgeFTP, update to a version that uses a secure password hashing mechanism, if available.
For DMail, update to a version that uses a secure password hashing mechanism, if available.
As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.


Related Identifiers

CVE-2001-1354

Affected Products

Dmail
Netwin Authentication Module
Surgeftp