CVE Catalog

CVE-1999-1366

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, allowing local users to easily decrypt the passwords and read e-mail.

Risk Assessment

Weak password protection may lead to unauthorized access to email accounts, posing a risk of confidential information leakage.

Recommendation

It is recommended to update the Pegasus client to the latest version that employs stronger password encryption methods.

Original NVD description (English source)

Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS