|Title:||DeepOfix SMTP Authentication Bypass|
|Summary:||DeepOfix versions 3.3 and below suffer from an SMTP server authentication bypass vulnerability due to an LDAP issue.|
The vulnerability allows an attacker to bypass the authentication in the SMTP server
to send emails. The problem is that the SMTP server performs authentication against
LDAP by default, and the service does not check that the password is null if this
Base64. This creates a connection 'anonymous' but with a user account without entering
An attacker could log in to the SMTP server knowing only the username of one user on the
server and could then send emails. One important thing is that the user 'admin' always exists on the server.
DeepOfix 3.3 and below are vulnerable.
Ask the vendor for an update or disable 'anonymous LDAP
bind' in your LDAP server.
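
The missing check described above can also be enforced in front of the LDAP bind: decode the Base64 SMTP AUTH PLAIN response and refuse an empty password before any bind is attempted, since a simple bind with a name and an empty password is treated as an unauthenticated (anonymous) bind by directories that allow it (RFC 4513, section 5.1.2). This is an added example, not DeepOfix or vendor code; `permissive_bind`, `DIRECTORY` and the credentials are constructed stand-ins for a directory that permits such binds.

```python
import base64
import binascii

# Constructed sample directory: one account with a made-up password.
DIRECTORY = {"admin": "constructed-secret"}


class AuthRejected(Exception):
    """Credentials that must never be forwarded to the LDAP bind."""


def plain_response(user, password):
    """Build the Base64 AUTH PLAIN response a client would send (sample input helper)."""
    return base64.b64encode(b"\x00" + user.encode() + b"\x00" + password.encode()).decode()


def parse_auth_plain(b64_response):
    """Decode base64(authzid NUL authcid NUL passwd) into (user, password)."""
    try:
        raw = base64.b64decode(b64_response, validate=True)
        _authzid, user, password = raw.split(b"\x00")
        return user.decode("utf-8"), password.decode("utf-8")
    except (binascii.Error, ValueError) as exc:
        # Covers bad Base64, wrong field count and invalid UTF-8.
        raise AuthRejected("malformed AUTH PLAIN response") from exc


def permissive_bind(user, password):
    """Hypothetical stand-in for an LDAP server that allows unauthenticated binds."""
    if password == "":
        return True  # the bind "succeeds", but only as anonymous
    return DIRECTORY.get(user) == password


def authenticate(b64_response, ldap_simple_bind):
    """Gate SMTP AUTH: reject empty fields before calling the LDAP bind."""
    user, password = parse_auth_plain(b64_response)
    if not user or not password:
        raise AuthRejected("empty username or password")
    return bool(ldap_simple_bind(user, password))
```

The guard complements the server-side setting rather than replacing it: with unauthenticated binds disabled in the directory, the empty-password bind fails even if an application forgets the check.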
Common Vulnerability Exposure (CVE) ID: CVE-2013-6796
BugTraq ID: 63793
XForce ISS Database: deepofix-cve20136796-security-bypass(89077)
|Copyright||Copyright (C) 2013 Greenbone Networks GmbH|