search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext

Vulnerability Note VU#139139

Original Release Date: 2001-10-26 | Last Revised: 2001-10-26


Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext.


AMLServer for windows is a paging gateway that allows users on a TCP/IP LAN to communicate with mobile devices such as phones and pagers. Access to AMLServer's services is protected by a user authentication system that stores usernames and passwords in a plaintext file.


If an attacker can view the AMLServer password file (through direct access or another vulnerability), they can login as any AMLServer user.


Apply a patch when one is available. The CERT/CC is currently unaware of a practical solution to this problem.


Vendor Information

Affected   Unknown   Unaffected

Internet Software Solutions

Updated:  October 25, 2001



Vendor Statement

[O]ur new version has this fixed but is still in testing and should be out later this month [October, 2001]. The beta can be downloaded from

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A



Thanks to SNS Research for discovering this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: None
Severity Metric: 0.07
Date Public: 2001-06-18
Date First Published: 2001-10-26
Date Last Updated: 2001-10-26 02:05 UTC
Document Revision: 9

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.