|CVSS SCORE||1.9, (AV:L/AC:M/Au:N/C:P/I:N/A:N)|
Encryption for Email Gateway
The specific flaw exists within the DBCrypto class. When storing user passwords, the process stores them in a recoverable format using a hard-coded key. An attacker can then leverage this vulnerability to decrypt existing passwords.
Trend Micro has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Steven Seeley of Source Incite