CVE-2004-2313

Published: Dec 31, 2004Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.

Affected (7)

Products: Inter7: Sqwebmail

Inter7

1 product

Sqwebmail

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Inter7 Sqwebmail	Version 3.4.1
Inter7 Sqwebmail	Version 3.5.0
Inter7 Sqwebmail	Version 3.5.1
Inter7 Sqwebmail	Version 3.5.2
Inter7 Sqwebmail	Version 3.5.3
Inter7 Sqwebmail	Version 3.6.0
Inter7 Sqwebmail	Version 3.6.1

References (6)

http://www.securityfocus.com/archive/1/352317

Source: cve@mitre.org

http://www.securityfocus.com/bid/9541

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/15058

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/352317

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/9541

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/15058

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.