Description
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by byterage · c · local · multiple
https://www.exploit-db.com/exploits/21020
Scores
EPSS: 0.0038
EPSS Percentile: 59.2%
Details
Status: published
Products (12)
netwin/dmail 2.5d
netwin/dmail 2.7
netwin/dmail 2.7q
netwin/dmail 2.7r
netwin/dmail 2.8e
netwin/dmail 2.8f
netwin/dmail 2.8g
netwin/dmail 2.8h
netwin/dmail 2.8i
netwin/surgeftp 1.0b
... and 2 more
Published: Jul 20, 2001
Tracked Since: Feb 18, 2026