Summary
DeepOfix versions 3.3 and below suffer from an SMTP server authentication bypass vulnerability due to an LDAP issue.
Impact
An Attacker could login in the SMTP server knowing only the username of one user in the server and he could sends emails. One important thing is that the user 'admin' always exists in the server.
Solution
Ask the vendor for an Update or disable 'anonymous LDAP bind' in your LDAP server.
Insight
The vulnerability allows an attacker to bypass the authentication in the SMTP server to send emails. The problem is that the SMTP server performs authentication against LDAP by default, and the service does not check that the password is null if this Base64. This creates a connection 'anonymous' but with a user account without entering the password.
Affected
DeepOfix 3.3 and below are vulnerable.
Detection
Try to bypass authentication for the user 'admin'
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-6796 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- MailEnable 'MESMTRPC.exe' SMTP Service Multiple Remote Denial of Service Vulnerabilities
- Sendmail mail.local DOS
- Check if Mailserver answer to VRFY and EXPN requests
- Microsoft Windows SMTP Server DNS spoofing vulnerability
- Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability