Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
DeepOfix SMTP Authentication Bypass
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
DeepOfix versions 3.3 and below suffer from an SMTP server authentication bypass vulnerability due to an LDAP issue.
Insight
Insight
The vulnerability allows an attacker to bypass the authentication in the SMTP server to send emails. The problem is that the SMTP server performs authentication against LDAP by default, and the service does not check that the password is null if this Base64. This creates a connection 'anonymous' but with a user account without entering the password.
Affected Software
Affected Software
DeepOfix 3.3 and below are vulnerable.
Detection Method
Detection Method
Try to bypass authentication for the user 'admin'.
Solution
Solution
Ask the vendor for an Update or disable 'anonymous LDAP bind' in your LDAP server.