oss-sec mailing list archives
Re: CVE request: DBMail <2.2.9
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 17 Apr 2008 17:06:52 -0400 (EDT)
====================================================== Name: CVE-2007-6714 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6714 Reference: MLIST:[Dbmail-dev] 20071216 [DBMail 0000662]: Ability to bypass authentication. Reference: URL:http://www.mail-archive.com/dbmail-dev () dbmail org/msg09942.html Reference: CONFIRM:http://dbmail.org/index.php?page=news&id=44 DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
Current thread:
- CVE request: DBMail <2.2.9 Matthias Geerdsen (Apr 17)
- Re: CVE request: DBMail <2.2.9 Steven M. Christey (Apr 17)