
CVE-2007-6714

Date: (C)2008-04-17   (M)2023-12-22


DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1019914
BID-28849
SECUNIA-29903
SECUNIA-29937
SECUNIA-29984
OSVDB-44561
ADV-2008-1321
FEDORA-2008-3333
FEDORA-2008-3371
GLSA-200804-24
http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html
dbmail-authldap-security-bypass(41907)
http://dbmail.org/index.php?page=news&id=44

CWE:
CWE-287

© SecPod Technologies