Vulnerability Database

290,301

Total vulnerabilities in the database

CVE-2001-1354

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

  • Published: Jul 20, 2001
  • Updated: Apr 13, 2023
  • CVE: CVE-2001-1354
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.6
  • AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
netwin / dmail 2.8e 2.8e.x
netwin / dmail 2.7q 2.7q.x
netwin / surgeftp 1.0b 1.0b.x
netwin / dmail 2.8g 2.8g.x
netwin / dmail 2.8f 2.8f.x
netwin / surgeftp 2.0a 2.0a.x
netwin / dmail 2.5d 2.5d.x
netwin / dmail 2.7 2.7.x
netwin / dmail 2.8i 2.8i.x
netwin / dmail 2.7r 2.7r.x
netwin / dmail 2.8h 2.8h.x
netwin / surgeftp 2.0b 2.0b.x