CVE-2004-2313
published 2004-12-31CVE-2004-2313: Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as…
PriorityP421medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.41%
69.3th percentile
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | courier | < courier 0.44.2-1 (bookworm) | courier 0.44.2-1 (bookworm) |
| inter7 | sqwebmail | — | — |
| inter7 | sqwebmail | — | — |
| inter7 | sqwebmail | — | — |
| inter7 | sqwebmail | — | — |
| inter7 | sqwebmail | — | — |
| inter7 | sqwebmail | — | — |
| inter7 | sqwebmail | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2004-2313: courier - Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for inco...
vendor_debian·2004·CVSS 5.0
CVE-2004-2313 [MEDIUM] CVE-2004-2313: courier - Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for inco...
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
Scope: local
bookworm: resolved (fixed in 0.44.2-1)
bullseye: resolved (fixed in 0.44.2-1)
forky: resolved (fixed in 0.44.2-1)
sid: resolved (fixed in 0.44.2-1)
trixie: resolved (fixed in 0.44.2-1)
GHSA
GHSA-w796-x29v-gcg9: Inter7 SqWebMail 3
ghsa_unreviewed·2022-04-29
CVE-2004-2313 [MEDIUM] GHSA-w796-x29v-gcg9: Inter7 SqWebMail 3
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
OSV
CVE-2004-2313: Inter7 SqWebMail 3
osv·2004-12-31·CVSS 5.0
CVE-2004-2313 [MEDIUM] CVE-2004-2313: Inter7 SqWebMail 3
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2004-12-31
Published