Test ID: 1.3.6.1.4.1.25623.1.0.103833
Category: SMTP problems
Title: DeepOfix SMTP Authentication Bypass
Summary: DeepOfix versions 3.3 and below suffer from an SMTP server authentication bypass vulnerability due to an LDAP issue.
Description: Summary:
DeepOfix versions 3.3 and below suffer from an SMTP server authentication
bypass vulnerability due to an LDAP issue.

Vulnerability Insight:
The vulnerability allows an attacker to bypass authentication in the SMTP server
and send emails. The SMTP server authenticates against LDAP by default, and the
service does not check whether the password is null when it is Base64 encoded.
The result is an 'anonymous' connection made under a user account, without the
password being entered.

Vulnerability Impact:
An attacker could log in to the SMTP server knowing only the username of one user on the
server, and could then send emails. Importantly, the user 'admin' always exists on the server.

Affected Software/OS:
DeepOfix 3.3 and below are vulnerable.

Solution:
Ask the vendor for an update, or disable 'anonymous LDAP bind' in your LDAP server.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-6796
BugTraq ID: 63793
http://www.securityfocus.com/bid/63793
http://www.exploit-db.com/exploits/29706
http://packetstormsecurity.com/files/124054
http://www.osvdb.org/100007
XForce ISS Database: deepofix-cve20136796-security-bypass(89077)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89077
Copyright: Copyright (C) 2013 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.