search menu icon-carat-right cmu-wordmark

CERT Coordination Center

NuPoint Messenger server transmits authentication credentials in plain text

Vulnerability Note VU#576996

Original Release Date: 2009-05-06 | Last Revised: 2009-05-08


NuPoint Messenger is a unified communications product that connects to a Microsoft Exchange server. When communicating with the mail server, the NuPoint Messenger server transmits Exchange usernames and passwords in cleartext.


The NuPoint Messenger server can connect to a Microsoft Exchange server via the IMAP or MAPI protocols. During the authentication process, the NuPoint server will send user domain authentication credentials in cleartext to the Exchange server. Older versions of the NuPoint Messenger product may transmit the NuPoint server's root password without encryption instead of individual usernames and passwords. Administrators are encouraged review the "NuPoint communication with MS Exchange" document for more information.


An attacker with access to network data may be able to obtain domain (Exchange) usernames and passwords.


There is no solution to this issue. Administrators are encourgaed to review the below workarounds to mitigate the impact of this vulnerability.

Encrypt connections between NuPoint and Exchange Servers

    • If the MAPI protocol is enabled, connections from the NuPoint server will be encrypted.
    • Using IPSec or some other VPN technology to encrypt the connection between the NuPoint and Exchange server will mitigate this vulnerability.

Restrict access

The NuPoint Messenger server should not use IMAP to connect to remote Exchange servers. If IMAP is enabled, the NuPoint server should be directly connected to the same isolated network as the Exchange server that it is communicating with.

Vendor Information


Mitel Networks, Inc. Affected

Notified:  April 30, 2009 Updated: May 05, 2009



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


See for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base 0 AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal 0 E:ND/RL:ND/RC:ND
Environmental 0 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND



Simon Laurin of Simon Laurin Services-Conseils inc. reported this issue and provided valuable feedback. Mitel provided technical information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 1.80
Date Public: 2008-12-04
Date First Published: 2009-05-06
Date Last Updated: 2009-05-08 19:22 UTC
Document Revision: 26

Sponsored by CISA.