[Original text] Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
SqWebMail contains a flaw in the way it generates error messages for non-mail-enabled accounts, such as root: it returns different error messages for incorrect passwords versus correct passwords. The issue is triggered when a remote or local attacker attempts to brute force the root password or another account's password. This may allow an attacker to gain unauthorized access as root.
Upgrade to the latest version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
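The flaw class described above, modelled as an added example (not SqWebMail's code): a login routine whose "no mailbox" error only appears after a correct password, next to a version that returns one result for every failure. The account table, passwords and all function and enum names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data; a real system stores password hashes, not text. */
struct account { const char *user; const char *pass; int mail_enabled; };
static const struct account ACCOUNTS[] = {
    { "alice", "sample-pw-alice", 1 },
    { "root",  "sample-pw-root",  0 },  /* valid system login, no mailbox */
};

enum login_result { LOGIN_OK, ERR_INVALID_LOGIN, ERR_NO_MAILBOX };

static const struct account *find_account(const char *user) {
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(ACCOUNTS[i].user, user) == 0)
            return &ACCOUNTS[i];
    return NULL;
}

static int password_ok(const struct account *a, const char *pass) {
    return a != NULL && strcmp(a->pass, pass) == 0;
}

/* Flawed pattern: the mailbox check runs after the password check and has
 * its own error, so ERR_NO_MAILBOX confirms the password was correct. */
enum login_result login_leaky(const char *user, const char *pass) {
    const struct account *a = find_account(user);
    if (!password_ok(a, pass))
        return ERR_INVALID_LOGIN;
    if (!a->mail_enabled)
        return ERR_NO_MAILBOX;
    return LOGIN_OK;
}

/* Hardened pattern: every failure, whatever its cause, maps to one result,
 * so the response says nothing about which check failed. */
enum login_result login_uniform(const char *user, const char *pass) {
    const struct account *a = find_account(user);
    if (!password_ok(a, pass) || !a->mail_enabled)
        return ERR_INVALID_LOGIN;
    return LOGIN_OK;
}

int main(void) {
    printf("leaky:   wrong=%d correct=%d\n", login_leaky("root", "x"),
           login_leaky("root", "sample-pw-root"));
    printf("uniform: wrong=%d correct=%d\n", login_uniform("root", "x"),
           login_uniform("root", "sample-pw-root"));
    return 0;
}
```

A uniform response removes the message difference only; rate limiting and lockout on repeated failures are still needed against plain brute forcing.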