AMLServer Plaintext Password Vulnerability

Air Messenger LAN Server for Microsoft Windows allows users to exchange phone, pager and email messages through a Web gateway.

AMLServer stores its password file in plaintext. The effect is that attackers who've found a way to disclose the password file can access password protected AMLServer services.

NOTE: Two other vulnerabilities exist in AMLServer which enhance the exploitability of this vulnerability. These are BID 2883 and BID 2881.


Privacy Statement
Copyright 2010, SecurityFocus