Info

Disclosure

May 15, 1999

Discovery

Unknown

Dates

Exploit

May 15, 1999

Solution

Unknown

Description

Pegasus contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when passwords are saved to \mail\USER\pmail.ini using weak encryption. This may allow a local attacker to gain access to any passwords stored in the file.

Classification

Location: Local Access Required
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

David Harris

Pegasus Mail

3.0

References

CVE ID: 1999-1366 (see also: NVD)
ISS X-Force ID: 8430
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_2/0502.html
http://www.securiteam.com/securitynews/2DVQ8QAQKQ.html
Other Advisory URL: http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=1864

Credit

galldor - galldormicrohack.com -

Direct URL: http://osvdb.org/36218