CVE Catalog
CVE-1999-1366
LowExploitation Probability (EPSS)
Low risk0.20%
10th percentile — higher than 10% of all known CVEs
Summary
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, allowing local users to easily decrypt the passwords and read e-mail.
Risk Assessment
Weak password protection may lead to unauthorized access to email accounts, posing a risk of confidential information leakage.
Recommendation
It is recommended to update the Pegasus client to the latest version that employs stronger password encryption methods.
Original NVD description (English source)
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.

