PT-2005-2081 · Kerio · Kerio Personal Firewall+2

Published: 2005-04-29 · Updated: 2011-03-08 · CVE-2005-1062

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Kerio WinRoute Firewall versions 6.x up to 6.0.10
Kerio Personal Firewall versions 4.x up to 4.1.2
Kerio MailServer versions up to 6.0.8

Description

The issue allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. It is also possible to gain access to plain text passwords when an attacker knows at least one valid password and can connect to the remote administration port. This may lead to a loss of confidentiality, especially for passwords shorter than 6 characters.

Recommendations

For Kerio WinRoute Firewall versions 6.x up to 6.0.10, consider disabling remote administration until a fix is available.
For Kerio Personal Firewall versions 4.x up to 4.1.2, restrict access to the remote administration port to minimize the risk of exploitation.
For Kerio MailServer versions up to 6.0.8, avoid using short passwords and limit connections to the remote administration port.


Related Identifiers

CVE-2005-1062

Affected Products

Kerio Mailserver
Kerio Personal Firewall
Kerio Winroute Firewall