PT-2004-2021 · Kerio · Kerio Serverfirewall+2

Javier Munoz

Published

2004-12-15

Updated

2017-07-11

CVE-2004-1022

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Kerio Winroute Firewall versions prior to 6.0.7 Kerio ServerFirewall versions prior to 1.0.1 Kerio MailServer versions prior to 6.0.5

Description: The issue allows attackers to decrypt the user database and obtain passwords by extracting a secret key from within the software, due to the use of symmetric encryption for user passwords.

Recommendations: For Kerio Winroute Firewall versions prior to 6.0.7, update to version 6.0.7 or later to resolve the issue. For Kerio ServerFirewall versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. For Kerio MailServer versions prior to 6.0.5, update to version 6.0.5 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1022

Affected Products

Kerio Mailserver

Kerio Serverfirewall

Kerio Winroute Firewall

PT-2004-2021 · Kerio · Kerio Serverfirewall+2

CVE-2004-1022

Related Identifiers

Affected Products

References · 7