Reported January 9, 2002, by Chris Lathem.

VERSION AFFECTED

  • Nevrona MiraMail 1.4 for Windows

 

DESCRIPTION
A vulnerability exists in Nevrona MiraMail 1.4 because the system stores all account information and variables that it uses in .ini files in plain text. Any user with access to these .ini files can steal or modify account information, passwords, and groups with impunity.

<span style="font-family:Verdana"> <p></p>
</h3>

VENDOR RESPONSE

The vendor, Nevrona Designs, has been notified and will issue version 1.5., which will encrypt the vulnerable .ini files.

 

CREDIT
Discovered by Chris Lathem of http://www.lathemonline.com.