Weak Password Hashing Vulnerability in NetWin Authentication Module

Weak Password Hashing Vulnerability in NetWin Authentication Module

CVE-2001-1354 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

Learn more about our User Device Pen Test.