Minimalist Pipe Authentication Bypass

2000-10-03T00:00:00
ID: OSVDB:2938
Type: osvdb
Reporter: OSVDB
Modified: 2000-10-03T00:00:00

Description

Vulnerability Description

Minimalist Mail List Manager contains a flaw that allows any remote user to bypass authentication. This issue is triggered when an unauthorized user mails a private/closed list using a custom "From:" header that ends with a "|" (pipe).

Solution Description

Upgrade to version 2.1(2) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL Generic Informational URL: http://www.mml.org.ua/