From: Chris Lathem (clathemskyhawke.com)
Date: Wed Jan 09 2002 - 15:45:42 CST

    Released: January 9, 2002
    Discovered: January 3, 2002 by Chris Lathem
    chrislathemonline.com

    Program Overview: MiraMail is a fairly new program
    to the market, and is intended to be used as a news
    server. It is developed and maintained by Nevrona
    Designs. For more information please see
    www.nevrona.com/miramail.

    The problem in MiraMail lies in the way it stores its
    variables: everything is stored in an ".ini" file in
    plain text. This includes POP account usernames and
    passwords. This is not limited to the POP accounts
    either. The user accounts and groups are also stored
    in the same file, all in plain text. Any user with
    access to the directory in which MiraMail is installed
    can potentially "snoop" the file for accounts and
    passwords, or could add additional users or groups
    with ease.

    Status: Vendor was contacted on January 3, and
    acknowledged the problem. According to the vendor,
    the next version to be released (1.05) will encrypt
    the .ini file with MD5 encryption, and will be released
    in the next couple of weeks.

    Cheers,
    Chris Lathem
    chrislathemonline.com
    http://www.lathemonline.com
    --------------------------------------------------------------------
    Please be nice to me, this is my first post.
    =~]
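
An audit check for the condition the advisory describes, added here as an example and not part of the original post or of MiraMail: it flags secret-looking keys stored readably in an .ini file and reports whether other local users can read or write that file. The section and key names, the sample file and both function names are assumptions (the advisory does not give MiraMail's actual .ini layout), and the permission check uses POSIX mode bits, so on Windows the file's ACL has to be reviewed instead.

```python
import configparser
import os
import re
import stat

# Key names that usually hold secrets (assumed; MiraMail's real key names are not given).
SECRET_KEY = re.compile(r"pass(word|wd)?|secret|pwd", re.I)
# A value made only of 32+ hex characters is treated as a digest, not plaintext.
DIGEST = re.compile(r"^[0-9a-fA-F]{32,}$")

# Constructed sample; section and key names are hypothetical.
SAMPLE_INI = """\
[POP-Account-1]
Server = pop.example.test
Username = newsfeed
Password = hunter2

[User-alice]
Group = admins
Password = 5f4dcc3b5aa765d61d8327deb882cf99

[General]
Port = 119
"""

def find_plaintext_secrets(ini_text):
    """Return (section, key) pairs whose value looks like a readable secret."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written in the file
    parser.read_string(ini_text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if SECRET_KEY.search(key) and value and not DIGEST.match(value):
                findings.append((section, key))
    return findings

def exposed_to_other_users(path):
    """True if POSIX mode bits let group or others read or write the file."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH))

if __name__ == "__main__":
    for section, key in find_plaintext_secrets(SAMPLE_INI):
        print(f"plaintext secret: [{section}] {key}")
```

A value that passes the digest test is only known to be not directly readable; the check says nothing about how that digest was produced.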