Bugtraq mailing list archives

MiraMail 1.04 can give POP account access and details


From: Chris Lathem <clathem () skyhawke com>
Date: 9 Jan 2002 21:45:42 -0000



Released: January 9, 2002
Discovered: January 3, 2002 by Chris Lathem
chris () lathemonline com

Program Overview: MiraMail is a fairly new program to the market, and is
intended to be used as a news server. It is developed and maintained by
Nevrona Designs. For more information please see www.nevrona.com/miramail.

The problem in MiraMail lies in the way it stores its variables:
Everything is stored in an ".ini" file in plain text. This includes POP
account usernames and passwords. This is not limited to the POP accounts
either. The user accounts and groups are also stored in the same file,
all in plain text. Any user with access to the directory in which
MiraMail is installed can potentially "snoop" the file for accounts and
passwords, or could add additional users or groups with ease.

Status: Vendor was contacted on January 3, and acknowledged the problem.
According to the vendor, the next version to be released (1.05) will
encrypt the .ini file with md5 encryption, and will be released in the
next couple of weeks.

Cheers,
Chris Lathem
chris () lathemonline com
http://www.lathemonline.com
--------------------------------------------------------------------
Please be nice to me, this is my first post. 
=~]
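
Added example (not part of the original post and not vendor code): a small Python audit that flags plaintext credentials in an .ini file and, on POSIX systems, reports which of group/other can read or write it. The section and key names in the sample are hypothetical, since the post does not give MiraMail's file layout.

```python
import configparser
import os
import re
import stat

# Key names that usually hold secrets (assumed; the post does not list MiraMail's keys).
SECRET_KEY = re.compile(r"pass(word|wd)?|pwd|secret", re.I)
# Values that look like a digest or opaque blob rather than a typed password.
OPAQUE = re.compile(r"^(\$[0-9a-z]+\$.+|[0-9a-f]{32,}|[A-Za-z0-9+/]{40,}={0,2})$")


def plaintext_secrets(ini_text):
    """Return (section, key) pairs whose value appears to be a plaintext secret."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key names exactly as written in the file
    cp.read_string(ini_text)
    hits = []
    for section in cp.sections():
        for key, value in cp.items(section):
            if SECRET_KEY.search(key) and value and not OPAQUE.match(value):
                hits.append((section, key))
    return hits


def loose_permissions(path):
    """POSIX only: list which of group/other can read or write the file."""
    mode = os.stat(path).st_mode
    checks = [(stat.S_IRGRP, "group-read"), (stat.S_IWGRP, "group-write"),
              (stat.S_IROTH, "other-read"), (stat.S_IWOTH, "other-write")]
    return [name for bit, name in checks if mode & bit]


# Constructed sample; section names, key names and values are hypothetical.
SAMPLE_INI = """\
[POP1]
Host=pop.example.com
Username=alice
Password=hunter2

[User.bob]
Group=admins
Password=5f4dcc3b5aa765d61d8327deb882cf99
"""

if __name__ == "__main__":
    for section, key in plaintext_secrets(SAMPLE_INI):
        print(f"plaintext secret: [{section}] {key}")
```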






