Back to search
CVE-2007-6714
Published: Apr 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-200804-24
vendor-advisory
x_refsource_GENTOO
28849
vdb-entry
x_refsource_BID
dbmail-authldap-security-bypass(41907)
vdb-entry
x_refsource_XF
44561
vdb-entry
x_refsource_OSVDB
29903
third-party-advisory
x_refsource_SECUNIA
1019914
vdb-entry
x_refsource_SECTRACK
FEDORA-2008-3333
vendor-advisory
x_refsource_FEDORA
29984
third-party-advisory
x_refsource_SECUNIA
ADV-2008-1321
vdb-entry
x_refsource_VUPEN
FEDORA-2008-3371
vendor-advisory
x_refsource_FEDORA
29937
third-party-advisory
x_refsource_SECUNIA
[Dbmail-dev] 20071216 [DBMail 0000662]: Ability to bypass authentication.
mailing-list
x_refsource_MLIST
http://dbmail.org/index.php?page=news&id=44
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now