-----BEGIN PGP SIGNED MESSAGE-----
On 10/26/2012 01:54 PM, Josh Bressers wrote:
This Squirrelmail plugin came to my attention a few weeks back:
It's from 2004, which is suspect in itself, but I took a look
someone asked. It's pretty scary in there.
If I was to list the security problems I found after a few minutes
of looking, they are:
* It uses MD5 passwords
Going with this one since there's a good number of MD5 related CVE's
Please use CVE-2012-5623 for this issue.