DeepOfix SMTP Authentication Bypass Network Vulnerability

Summary

DeepOfix versions 3.3 and below suffer from an SMTP server authentication bypass vulnerability due to an LDAP issue.

Impact

An Attacker could login in the SMTP server knowing only the username of one user in the server and he could sends emails. One important thing is that the user 'admin' always exists in the server.

Solution

Ask the vendor for an Update or disable 'anonymous LDAP bind' in your LDAP server.

Insight

The vulnerability allows an attacker to bypass the authentication in the SMTP server to send emails. The problem is that the SMTP server performs authentication against LDAP by default, and the service does not check that the password is null if this Base64. This creates a connection 'anonymous' but with a user account without entering the password.

Affected

DeepOfix 3.3 and below are vulnerable.

Detection

Try to bypass authentication for the user 'admin'

References

http://packetstormsecurity.com/files/124054/DeepOfix-3.3-SMTP-Authentication-Bypass.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6796
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Take action and discover your vulnerabilities