Computer Security
[EN] securityvulns.ru no-pyccku


DBMail unauthorized access
Published:22.04.2008
Source:
SecurityVulns ID:8934
Type:remote
Threat Level:
5/10
Description:It's possible to access any account without password if authldap is used.
Affected:DBMAIL : DBMail 2.2
CVE:CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.)
Original documentdocumentGENTOO, [ GLSA 200804-24 ] DBmail: Data disclosure (22.04.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod