CVE-1999-1354: E-mail client in Softarc FirstClass Internet Server 5.506 and earlier stores usernames and passwords

Severity: Medium
Type: Vulnerability
Published: Mon Aug 30 1999 (08/30/1999, 04:00:00 UTC)
Source: NVD
Vendor/Project: softarc
Product: firstclass_internet_server

Description

E-mail client in Softarc FirstClass Internet Server 5.506 and earlier stores usernames and passwords in cleartext in the files (1) home.fc for version 5.506, (2) network.fc for version 3.5, or (3) FCCLIENT.LOG when logging is enabled.

AI-Powered Analysis

Last updated: 07/01/2025, 15:57:06 UTC

Technical Analysis

CVE-1999-1354 is a vulnerability found in the e-mail client component of Softarc FirstClass Internet Server versions 5.506 and earlier. The core issue is that the client stores usernames and passwords in cleartext within local files on the user's system. Specifically, these credentials are stored in files named home.fc for version 5.506, network.fc for version 3.5, or FCCLIENT.LOG when logging is enabled. Because these files contain sensitive authentication data in an unencrypted form, any user or attacker with access to the local file system can easily retrieve these credentials. This vulnerability arises from poor credential management and lack of encryption or secure storage mechanisms. The CVSS score assigned is 4.6 (medium severity), with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), no authentication required (Au:N), and partial impact on confidentiality, integrity, and availability (C:P/I:P/A:P). There is no patch available for this vulnerability, and no known exploits have been reported in the wild. Given the age of this vulnerability (published in 1999), it primarily affects legacy systems still running these outdated versions of the FirstClass Internet Server software. The vulnerability can lead to credential compromise, which in turn can allow unauthorized access to email accounts and potentially further internal systems if credentials are reused or if the attacker escalates privileges.

Potential Impact

For European organizations, the impact of this vulnerability depends largely on whether legacy Softarc FirstClass Internet Server installations are still in use. If so, the exposure of cleartext credentials could lead to unauthorized access to corporate email accounts, resulting in potential data breaches, loss of sensitive communications, and further lateral movement within the network. This could compromise confidentiality and integrity of communications and potentially availability if attackers disrupt email services. Additionally, compromised credentials could be leveraged for phishing or social engineering attacks targeting European employees or partners. Although the vulnerability requires local access to the affected machine, insider threats or attackers who have gained initial footholds could exploit this to escalate access. The lack of patches means organizations must rely on compensating controls. Given the age of the vulnerability, it is less likely to affect modern environments but remains a risk in legacy or poorly maintained systems, which may still be present in some European institutions, especially in sectors with long technology refresh cycles such as government, education, or certain industries.

Mitigation Recommendations

Since no patch is available for this vulnerability, European organizations should focus on the following specific mitigations:

1) Identify and inventory any legacy Softarc FirstClass Internet Server installations and assess whether they are still in use.
2) If legacy systems are found, plan for immediate migration to modern, supported email platforms that implement secure credential storage.
3) Restrict local file system access on affected machines to trusted administrators only, minimizing the risk of unauthorized users reading the cleartext credential files.
4) Implement endpoint security controls such as file integrity monitoring to detect unauthorized access or modification of the credential files (home.fc, network.fc, FCCLIENT.LOG).
5) Enforce strong internal access controls and network segmentation to limit the ability of attackers to gain local access to vulnerable systems.
6) Educate users about the risks of credential reuse and encourage use of unique, strong passwords to limit the impact if credentials are compromised.
7) Monitor for unusual login activity or access patterns that could indicate credential compromise.
8) If logging is enabled, consider disabling or securing FCCLIENT.LOG files to prevent leakage of credentials.

These steps go beyond generic advice by focusing on legacy system identification, access control hardening, and compensating controls tailored to the nature of this vulnerability.
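An added example, not part of the original advisory or of any vendor tooling, covering steps 1, 3 and 4: it inventories the three file names from the description under a directory tree, flags copies readable by group or other users, and compares SHA-256 hashes against an earlier run. The function names and the constructed sample file are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

CREDENTIAL_FILES = {"home.fc", "network.fc", "fcclient.log"}  # from the CVE text, lower-cased


def find_credential_files(root):
    """Describe each listed file under root (POSIX mode bits; on Windows review ACLs)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in CREDENTIAL_FILES:
                continue
            path = os.path.join(dirpath, name)
            mode = digest = None
            try:
                mode = os.stat(path).st_mode
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                pass  # still reported below, with whatever could be collected
            findings.append({"path": path, "sha256": digest,
                             "others_can_read": bool(mode and mode & (stat.S_IRGRP | stat.S_IROTH))})
    return sorted(findings, key=lambda f: f["path"])


def changed_since(baseline, current):
    """Paths that are new, or whose hash differs from the baseline run."""
    known = {f["path"]: f["sha256"] for f in baseline}
    return [f["path"] for f in current if known.get(f["path"], "") != f["sha256"]]


def demo():
    """Constructed sample tree; the file content is a placeholder, not real log data."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "FCCLIENT.LOG")
        with open(target, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(target, 0o644)  # group/other readable, the condition step 3 addresses
        before = find_credential_files(root)
        with open(target, "a") as fh:
            fh.write("constructed change\n")
        return before, changed_since(before, find_credential_files(root))


if __name__ == "__main__":
    print(demo())
```

The scan never parses the file contents; it records only location, hash and permission bits, so its own output does not become another copy of the credentials.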


Threat ID: 682ca32cb6fd31d6ed7df1e8

Added to database: 5/20/2025, 3:43:40 PM

Last enriched: 7/1/2025, 3:57:06 PM

Last updated: 8/17/2025, 7:35:53 PM
