Computer Security
[EN] no-pyccku

DBMail unauthorized access
SecurityVulns ID:8934
Threat Level:
Description:It's possible to access any account without password if authldap is used.
Affected:DBMAIL : DBMail 2.2
CVE:CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.)
Original documentdocumentGENTOO, [ GLSA 200804-24 ] DBmail: Data disclosure (22.04.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod