Total vulnerabilities in the database
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
Software | From | Fixed in |
---|---|---|
inter7 / sqwebmail | 3.5.0 | 3.5.0.x |
inter7 / sqwebmail | 3.4.1 | 3.4.1.x |
inter7 / sqwebmail | 3.6.0 | 3.6.0.x |
inter7 / sqwebmail | 3.6.1 | 3.6.1.x |
inter7 / sqwebmail | 3.5.3 | 3.5.3.x |
inter7 / sqwebmail | 3.5.2 | 3.5.2.x |
inter7 / sqwebmail | 3.5.1 | 3.5.1.x |