CVE Vulnerability

CVE-2007-6714

DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.mail-archive.com/dbmail-dev@dbmail.org/msg09942.html Exploit
http://dbmail.org/index.php?page=news&id=44 Patch
http://www.securityfocus.com/bid/28849
http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml
http://www.securitytracker.com/id?1019914
http://secunia.com/advisories/29903
http://secunia.com/advisories/29937
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html
http://secunia.com/advisories/29984
http://osvdb.org/44561
http://www.vupen.com/english/advisories/2008/1321/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41907
Configurations

Configuration 1

cpe:2.3:a:dbmail:dbmail:2.2.7:rc3:*:*:*:*:*:*
cpe:2.3:a:dbmail:dbmail:2.2.7:rc1:*:*:*:*:*:*
cpe:2.3:a:dbmail:dbmail:2.2.7:rc2:*:*:*:*:*:*
cpe:2.3:a:dbmail:dbmail:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:dbmail:dbmail:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:dbmail:dbmail:2.2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:dbmail:dbmail:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:dbmail:dbmail:2.2.8:rc1:*:*:*:*:*:*
cpe:2.3:a:dbmail:dbmail:2.2.7:rc4:*:*:*:*:*:*
Information

Published : 2008-04-17 10:05

Updated : 2017-08-08 01:29

NVD link : CVE-2007-6714

Mitre link : CVE-2007-6714

Products Affected
No products.
CWE
CWE-287