Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability

[Peter Conrad <conrad () tivano de>]

Hi,

demonalex () 163 com schrieb am 08.01.2012 um 15:10:
> Title: Simple Mail Server - SMTP Authentication Bypass Vulnerability
>
> Bug Description :
> Simple Mail Server is a tiny Mail Server written in C#. It can be sent mail 
without password by using usual tcp client(such as telnet).
> And it did not have SMTP authentication contoller.
>
> POC(Remarks: domain alex.com and user alex () alex com must be exists in 
configuration for this test case):
> > telnet 127.0.0.1 25
> 220 TEST-121F797342 SMTP ready.
> EHLO mail_of_alert
> 500 Not supported. Use HELO
> MAIL FROM: <alex () alex com>
> 250 OK
> RCPT TO: <alex () alex com>
> 250 OK
> Data
> 354 Start mail input; end with <CRLF>.<CRLF>
> From: "alex () alex com" <alex () alex com>
> To: "alex () alex com" <alex () alex com>
> Subject: authenticate is not required!

erm... where's the bug? If the mailer is configured to receive
mail for alex () alex com, why should it require SMTP authentication
for incoming mails to that address?

Anyway, SMTP authentication is not a requirement for an MTA, so
the lack of such can hardly be called a bug.


Bye,
        Peter
-- 
Peter Conrad
Tivano Software GmbH
Bahnhofstr. 18
63263 Neu-Isenburg
Tel: 06102 / 8099070
Fax: 06102 / 8099071
HRB 11680, AG Offenbach/Main
Geschäftsführer: Martin Apel