MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.