Computer Security

DBMail unauthorized access
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



DBMail unauthorized access
Published:22.04.2008
Source:BUGTRAQ
SecurityVulns ID:8934
Type:remote
Level:5/10
Description:It's possible to access any account without password if authldap is used.
Affected:DBMAIL : DBMail 2.2
CVE:CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.)
Original documentdocumentGENTOO, [ GLSA 200804-24 ] DBmail: Data disclosure (22.04.2008)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru