Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » Kerio mailserver and server firewall vulnerabiliti
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 12-14-2004, 08:01 AM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,574
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Thumbs down
Javier Munoz has reported a security issue in Kerio MailServer and Kerio ServerFirewall, which potentially can be exploited by malicious, local users to gain knowledge of sensitive information.

The problem is that user passwords are stored in the user credential database using symmetric encryption. This may allow malicious users with access to the database to gain knowledge of the passwords by decrypting them using a key hidden in the program logic.

NOTE: A problem with insecure ACLs has also been reported.

Solution:
Update to Kerio MailServer 6.0.5 and Kerio ServerFirewall 1.0.1.

http://www.kerio.com/kerio.html
Reply With Quote
Posted


Reply

« Previous Thread | Next Thread »
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -5. The time now is 10:12 PM.

Contact Us - CyberAnswers - Archive - Privacy Statement - Top

Firefox 2