CVE-2001-1354 — MEDIUM severity vulnerability (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as imple)
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
| CVE ID | CVE-2001-1354 |
|---|---|
| Severity | MEDIUM |
| CVSS score | 4.6 |
| CVSS vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2001-07-20 |
| Last modified | 2026-04-16 |
| Description | NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →