Cleartext Storage of Credentials in Zarafa WebAccess and WebApp

Cleartext Storage of Credentials in Zarafa WebAccess and WebApp

CVE-2014-0103 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

Learn more about our Cis Benchmark Audit For Apache Http Server.