CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 0CVE-2005-4157
https://notcve.org/view.php?id=CVE-2005-4157
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled. • http://secunia.com/advisories/17519 http://securitytracker.com/alerts/2005/Nov/1015194.html http://www.kerio.com/kwf_history.html http://www.securityfocus.com/bid/15388 http://www.vupen.com/english/advisories/2005/2391 https://exchange.xforce.ibmcloud.com/vulnerabilities/23035 •
CVSS: 2.1EPSS: 0%CPEs: 53EXPL: 0CVE-2004-1022
https://notcve.org/view.php?id=CVE-2004-1022
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. Kerio Winroute Firewall anteriores a 6.0.7, ServerFirewall anteriores a 1.0.1, y MailServer anteriores a 6.0.5 usan cifrado simétrico para contraseñas de usuario, lo que permite a atacantes descifrar la base de datos de usuarios y obtener las contraseñas extrayendo la clave secreta del software. • http://marc.info/?l=bugtraq&m=110304957607578&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18470 •