CVE-2004-2313 - Unstuck Summer

Description

Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root) which allows remote attackers to guess the root password via brute force attacks.

Reference

http://www.securityfocus.com/archive/1/352317 http://www.securityfocus.com/bid/9541 https://exchange.xforce.ibmcloud.com/vulnerabilities/15058