Summary
We detected the remote web server is
running WorldClient for MDaemon. This web server enables attackers with the proper username and password combination to access locally stored mailboxes.
In addition, earlier versions of WorldClient suffer from buffer overflow vulnerabilities, and web traversal problems (if those are found the Risk factor is higher).
Solution
Make sure all usernames and passwords are adequately long and that only authorized networks have access to this web server's port number (block the web server's port number on your firewall).
For more information see:
http://www.securiteam.com/cgi-bin/htsearch?config=htdigSecuriTeam&words=WorldClient
Severity
Classification
-
CVE CVE-2000-0660 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability
- Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)