SqWebMail leaks sensitive information in authentication responses that may aid an attacker in brute-forcing the root password on the underlying operating system. The software reportedly issues different responses when the user authenticates successfully as the root user than when a failed attempt occurs. This may provide a covert means of brute-forcing the root password (or possibly other passwords) via the SqWebMail interface.
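
An added illustration of the response discrepancy described above, next to a uniform-response handler that removes it; this is not SqWebMail code. The account table, the response codes and the assumption that a privileged account is refused only after its password has been checked are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed account table for the example; not SqWebMail data. */
struct account { const char *user; const char *pass; int webmail_allowed; };
static const struct account ACCOUNTS[] = {
    { "root",  "constructed-root-pw",  0 },  /* privileged: webmail login refused */
    { "alice", "constructed-alice-pw", 1 },
};

enum { RESP_OK, RESP_INVALID_LOGIN, RESP_ACCOUNT_REFUSED };

static const struct account *find(const char *user) {
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(ACCOUNTS[i].user, user) == 0) return &ACCOUNTS[i];
    return NULL;
}

/* Leaky pattern (assumed model of the flaw): a correct password on a refused
 * account gets its own response, so the response confirms the password.
 * strcmp keeps the example short; real code compares hashes in constant time. */
int login_leaky(const char *user, const char *pass) {
    const struct account *a = find(user);
    if (!a || strcmp(pass, a->pass) != 0) return RESP_INVALID_LOGIN;
    return a->webmail_allowed ? RESP_OK : RESP_ACCOUNT_REFUSED;
}

/* Uniform pattern: every non-success outcome collapses to one response. */
int login_uniform(const char *user, const char *pass) {
    const struct account *a = find(user);
    int ok = a != NULL && strcmp(pass, a->pass) == 0;
    return (ok && a->webmail_allowed) ? RESP_OK : RESP_INVALID_LOGIN;
}

/* Regression check: 1 if the handler answers a right and a wrong password
 * for `user` differently, 0 if the two responses are identical. */
int distinguishable(int (*login)(const char *, const char *),
                    const char *user, const char *right, const char *wrong) {
    return login(user, right) != login(user, wrong);
}

int main(void) {
    const char *pw = "constructed-root-pw";
    printf("leaky handler, root:   %d\n", distinguishable(login_leaky, "root", pw, "wrong"));
    printf("uniform handler, root: %d\n", distinguishable(login_uniform, "root", pw, "wrong"));
    return 0;
}
```

The same check can run as a regression test against any login handler for accounts that must never gain access through the web interface.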