CVE-1999-1366
published 1999-05-15CVE-1999-1366: Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the…
PriorityP44low3.6CVSS 2.0
AVLACLAuNCPIPAN
EPSS
0.20%
10.5th percentile
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| david_harris | pegasus_mail | <= 3.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
David Harris Pegasus Mail 3.0 pmail.ini missing encryption
vuldb·2026-04-19·CVSS 3.6
CVE-1999-1366 [LOW] David Harris Pegasus Mail 3.0 pmail.ini missing encryption
A vulnerability was found in David Harris Pegasus Mail 3.0. It has been rated as problematic. Affected is an unknown function of the file pmail.ini. The manipulation leads to missing encryption of sensitive data.
This vulnerability is documented as CVE-1999-1366. The attack needs to be performed locally. There is not any exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-h93v-m49q-355g: Pegasus e-mail client 3
ghsa_unreviewed·2022-04-30
CVE-1999-1366 [LOW] GHSA-h93v-m49q-355g: Pegasus e-mail client 3
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
1999-05-15
Published