CVE-2001-0990

medium

Description

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7076

http://www.securityfocus.com/bid/3284

http://www.securityfocus.com/archive/1/212036

http://www.inter7.com/vpopmail/ChangeLog

Details

Source: Mitre, NVD

Published: 2001-09-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00069