|
|
CVE Reference: CVE-2007-6714 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-6714 |
|
|
Description: DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/41907 ST 1019914 SAID Secunia Advisory: SA29903 Secunia Advisory: SA29937 Secunia Advisory: SA29984 OSVDB 44561 MLIST http://www.mail-archive.com/dbmail-dev@dbmail.org/msg09942.html GENTOO http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml FEDORA CONFIRM http://dbmail.org/index.php?page=news&id=44 BID 28849 |
|
| Return to the previous page. |
