MailEnable
cpe:2.3:a:mailenable:mailenable:*:*:*:*:*:*:*
- < 10.54
A vulnerability exists in MailEnable versions prior to 10.54 due to the cleartext storage of credentials. User and administrative passwords are stored in plaintext in the AUTH.TAB file, which has overly permissive filesystem access. This allows a local authenticated user with read access to the file to retrieve all user passwords and super-admin credentials. These credentials can then be used to access MailEnable services such as POP3, SMTP, or the webmail interface, leading to unauthorized access to mailboxes and administrative control.
Exploitation of this vulnerability could result in local credential compromise, allowing an attacker to take over user accounts or super-admin accounts, and gain unauthorized access to mailboxes and administrative functions within MailEnable.
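A defender-side check for the "overly permissive filesystem access" condition described above, as an added example that is not MailEnable's code and not part of the original advisory. The file path is a required parameter because the page does not give the location of AUTH.TAB, and the set of principals treated as "broad" is an assumption of this example.

```powershell
# Added example: report Allow ACEs that let broad principals read AUTH.TAB.
param(
    # Placeholder: supply the AUTH.TAB path from your own installation.
    [Parameter(Mandatory)] [string] $AuthTabPath
)

# Assumption of this example: well-known SIDs that cover ordinary local users.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-BroadReadAce {
    param([Parameter(Mandatory)] [string] $Path)

    $acl      = Get-Acl -LiteralPath $Path
    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    $sidType  = [System.Security.Principal.SecurityIdentifier]

    # Explicit and inherited ACEs, with identities returned as SIDs so the
    # comparison does not depend on localized group names.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        $canRead = ($ace.FileSystemRights -band $readData) -eq $readData
        if ($ace.AccessControlType -eq 'Allow' -and
            $BroadSids.ContainsKey($sid) -and $canRead) {
            [pscustomobject]@{
                Principal = $BroadSids[$sid]
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-BroadReadAce -Path $AuthTabPath)
if ($findings.Count -eq 0) {
    Write-Output "No broad-principal read ACEs found on $AuthTabPath"
} else {
    # Inherited = True means the grant comes from a parent folder's ACL.
    $findings | Format-Table -AutoSize
}
```

The script only reads the ACL and never opens the file itself. It does not evaluate Deny entries or nested group membership, so an empty result is not proof that every local user is blocked.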