var-199912-0146
Vulnerability from variot
Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts. The encryption scheme used is weak and has been broken. The following description of the mechanism used is quoted from Matt Conover's post to Bugtraq, linked to in full in the Credits section. ENCRYPTION SCHEME Take the lowercase of the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Take each letter of the password, find it's ASCII equivalent and add the offset (ASCII value of first char of the account name minus 97) then subtract the corresponding difference. Use the differences recursively if the password length is greater than the length of the account name. This gives you the character's new ASCII value. Next, Look it up the new ASCII value in the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt) and you now have the encrypted letter. Example: Account Name: mike m = 109 i = 105 k = 107 e = 101 Differences: First - First: 0 First - Second: 4 First - Third: 2 First - Fourth: 8 Unencrypted Password: rocks r = 114 o = 111 c = 99 k = 107 s = 115 (ASCII value + offset) - difference: offset: (109 - 97) = 12 (114 + 12) - 0 = 126 (111 + 12) - 4 = 119 (99 + 12) - 2 = 109 (107 + 12) - 8 = 111 (115 + 12) - 0 = 127 126 = DF 119 = D8 109 = CE 111 = D0 127 = E0 Encrypted Password: DFD8CED0E0 The decryption scheme is a little easier. First, like the encryption scheme, take the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Now split the encrypted password by two characters (e.g., EFDE = EF DE) then look up their ASCII equivalent within the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt). Take that ASCII value and add the corresponding difference.Look this value up in the ascii table. This table is made by taking the ASCII value of the first character of the account name and setting it equal to 'a'. EXAMPLE Account Name: mike m = 109 i = 105 k = 107 e = 101 Differences: First - First: 0 First - Second: 4 First - Third: 2 First - Fourth: 8 Encrypted Password: DFD8CED0E0 DF = 126 D8 = 119 CE = 109 D0 = 111 E0 = 127 Add Difference: 126 + 0 = 126 119 + 4 = 123 109 + 2 = 111 111 + 8 = 119 127 + 0 = 127 Look up in table (see http://www.w00w00.org/imail_map.txt): 126 = r 123 = o 111 = c 119 = k 127 = s Unencrypted Password: rocks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199912-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.0"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.8"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.7"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.6"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0.5"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Posted to Bugtraq on December 21, 1999 by Matt Conover \u003cshok@cannabis.dataforce.net\u003e.",
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
],
"trust": 0.9
},
"cve": "CVE-1999-1497",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-1999-1497",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-1478",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-1999-1497",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-199912-063",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-1478",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts. The encryption scheme used is weak and has been broken. The following description of the mechanism used is quoted from Matt Conover\u0027s post to Bugtraq, linked to in full in the Credits section. \nENCRYPTION SCHEME Take the lowercase of the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Take each letter of the password, find it\u0027s ASCII equivalent and add the offset (ASCII value of first char of the account name minus 97) then subtract the corresponding difference. Use the differences recursively if the password length is greater than the length of the account name. This gives you the character\u0027s new ASCII value. Next, Look it up the new ASCII value in the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt) and you now have the encrypted letter. \nExample:\nAccount Name: mike\nm = 109\ni = 105\nk = 107\ne = 101\nDifferences:\nFirst - First: 0\nFirst - Second: 4\nFirst - Third: 2\nFirst - Fourth: 8\nUnencrypted Password: rocks\nr = 114\no = 111\nc = 99\nk = 107\ns = 115\n(ASCII value + offset) - difference:\noffset: (109 - 97) = 12\n(114 + 12) - 0 = 126\n(111 + 12) - 4 = 119\n(99 + 12) - 2 = 109\n(107 + 12) - 8 = 111\n(115 + 12) - 0 = 127\n126 = DF\n119 = D8\n109 = CE\n111 = D0\n127 = E0\nEncrypted Password: DFD8CED0E0\nThe decryption scheme is a little easier. First, like the encryption scheme, take the account name, split it up by letter and convert each letter to its ASCII equivalent. Next, find the difference between each letter and the first letter. Now split the encrypted password by two characters (e.g., EFDE = EF DE) then look up their ASCII equivalent within the ASCII-ENCRYPTED table (see http://www.w00w00.org/imail_map.txt). Take that ASCII value and add the corresponding difference.Look this value up in the ascii table. This table is made by taking the ASCII value of the first character of the account name and setting it equal to \u0027a\u0027. \nEXAMPLE\nAccount Name: mike\nm = 109\ni = 105\nk = 107\ne = 101\nDifferences:\nFirst - First: 0\nFirst - Second: 4\nFirst - Third: 2\nFirst - Fourth: 8\nEncrypted Password: DFD8CED0E0\nDF = 126\nD8 = 119\nCE = 109\nD0 = 111\nE0 = 127\nAdd Difference:\n126 + 0 = 126\n119 + 4 = 123\n109 + 2 = 111\n111 + 8 = 119\n127 + 0 = 127\nLook up in table (see http://www.w00w00.org/imail_map.txt):\n126 = r\n123 = o\n111 = c\n119 = k\n127 = s\nUnencrypted Password: rocks",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1497"
},
{
"db": "BID",
"id": "880"
},
{
"db": "VULHUB",
"id": "VHN-1478"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-1478",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-1497",
"trust": 2.0
},
{
"db": "BID",
"id": "880",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "19991221 [W00GIVING \u002799 #11] IMAIL\u0027S PASSWORD ENCRYPTION SCHEME",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "401",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "19683",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-1478",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
},
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"id": "VAR-199912-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T22:57:22.859000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/880"
},
{
"trust": 2.7,
"url": "http://www.securityfocus.com/archive/1/39329"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1478"
},
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1478"
},
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
},
{
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1999-12-21T00:00:00",
"db": "VULHUB",
"id": "VHN-1478"
},
{
"date": "1999-12-19T00:00:00",
"db": "BID",
"id": "880"
},
{
"date": "1999-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199912-063"
},
{
"date": "1999-12-21T05:00:00",
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-1478"
},
{
"date": "2009-07-11T01:56:00",
"db": "BID",
"id": "880"
},
{
"date": "2007-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199912-063"
},
{
"date": "2024-11-20T23:31:15.427000",
"db": "NVD",
"id": "CVE-1999-1497"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IMail Weak Password Encryption Vulnerability",
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "880"
},
{
"db": "CNNVD",
"id": "CNNVD-199912-063"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…