Authentication flaw

2014-10-2620:55:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.084 Low

EPSS

Percentile

94.5%

JSON

The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.

CPENameOperatorVersion
deepofixle3.3

CPE	Name	Operator	Version
	deepofix	le	3.3

References

packetstormsecurity.com/files/124054

www.osvdb.org/100007

www.securityfocus.com/bid/63793

exchange.xforce.ibmcloud.com/vulnerabilities/89077

www.exploit-db.com/exploits/29706