CVE-2025-34427
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-34427, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-10

Last updated on: 2025-12-17

Assigner: VulnCheck

Description

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-10
Last Modified
2025-12-17
Generated
2026-07-06
AI Q&A
2025-12-10
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mailenable mailenable *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by checking for the presence of the AUTH.TAB file in MailEnable installations and verifying its permissions and contents. Specifically, you can look for the AUTH.TAB file and check if it contains plaintext passwords and if its filesystem permissions allow read access to local authenticated users. Suggested commands on a system hosting MailEnable include: 1) Locate the AUTH.TAB file, typically under the MailEnable installation directory, e.g., using 'dir /s AUTH.TAB' on Windows. 2) Check the file permissions with 'icacls AUTH.TAB' to see if non-administrative users have read access. 3) Inspect the file contents (if permitted) with 'type AUTH.TAB' to see if passwords are stored in cleartext. These steps help identify if the vulnerable condition exists on the system.

Executive Summary

This vulnerability exists in MailEnable versions prior to 10.54, where user and administrative passwords are stored in cleartext within the AUTH.TAB file. The file has overly permissive filesystem access, allowing a local authenticated user with read access to recover all user passwords and super-admin credentials. This enables unauthorized access to MailEnable services such as POP3, SMTP, or the webmail interface.

Impact Analysis

An attacker who gains local authenticated access and can read the AUTH.TAB file can obtain all user and administrative passwords in plaintext. This can lead to account takeover, unauthorized mailbox access, and administrative control over MailEnable services, potentially compromising sensitive email communications and system integrity.

Mitigation Strategies

To mitigate this vulnerability, immediately restrict filesystem permissions on the AUTH.TAB file to prevent unauthorized read access. Ensure that only trusted administrative users have access to this file. Additionally, upgrade MailEnable to version 10.54 or later where this issue is resolved. Consider resetting all user and administrative passwords after applying these changes to prevent compromised credentials from being used.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34427. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart