Vulnerability Description
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
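The failure mode described above, as an added example (not DBMail's code or its patch): an authenticator that treats any successful bind as proof of the password, next to one that rejects empty credentials first. The mock server, the function names and the account values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Standard LDAP result codes (values as in RFC 4511). */
#define LDAP_SUCCESS              0
#define LDAP_INVALID_CREDENTIALS 49
#define LDAP_UNWILLING_TO_PERFORM 53

/* Constructed account standing in for a real directory entry. */
static const char *KNOWN_DN = "cn=alice,dc=example,dc=org";
static const char *KNOWN_PW = "constructed-password";

/* Hypothetical mock of a simple bind. Per RFC 4513, a zero-length password
 * is an unauthenticated bind: a server that permits it returns success
 * without checking any credential for the supplied DN. */
static int mock_simple_bind(const char *dn, const char *pw, int allow_anon)
{
    if (pw == NULL || pw[0] == '\0')
        return allow_anon ? LDAP_SUCCESS : LDAP_UNWILLING_TO_PERFORM;
    if (dn != NULL && strcmp(dn, KNOWN_DN) == 0 && strcmp(pw, KNOWN_PW) == 0)
        return LDAP_SUCCESS;
    return LDAP_INVALID_CREDENTIALS;
}

/* Flawed pattern: a successful bind is taken as proof of the password. */
int auth_bind_only(const char *dn, const char *pw, int allow_anon)
{
    return mock_simple_bind(dn, pw, allow_anon) == LDAP_SUCCESS;
}

/* Hardened pattern: reject empty DN or password before any bind is sent. */
int auth_checked(const char *dn, const char *pw, int allow_anon)
{
    if (dn == NULL || dn[0] == '\0' || pw == NULL || pw[0] == '\0')
        return 0;
    return mock_simple_bind(dn, pw, allow_anon) == LDAP_SUCCESS;
}

int main(void)
{
    const char *pws[] = { "", "wrong", KNOWN_PW };
    for (int anon = 1; anon >= 0; anon--)
        for (int i = 0; i < 3; i++)
            printf("anon=%d pw=\"%s\" bind_only=%d checked=%d\n", anon, pws[i],
                   auth_bind_only(KNOWN_DN, pws[i], anon),
                   auth_checked(KNOWN_DN, pws[i], anon));
    return 0;
}
```

The client-side check holds whether or not the directory permits anonymous binds, so it does not depend on server configuration.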
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dbmail | Dbmail | 2.2.6 |
Related Weaknesses (CWE)
References
- http://dbmail.org/index.php?page=news&id=44 (Patch)
- http://osvdb.org/44561
- http://secunia.com/advisories/29903
- http://secunia.com/advisories/29937
- http://secunia.com/advisories/29984
- http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml
- http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html
- http://www.securityfocus.com/bid/28849
- http://www.securitytracker.com/id?1019914
- http://www.vupen.com/english/advisories/2008/1321/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41907
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html
FAQ
What is CVE-2007-6714?
CVE-2007-6714 is a vulnerability with a CVSS score of 6.8 (MEDIUM). DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which cause...
How severe is CVE-2007-6714?
CVE-2007-6714 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6714?
Check the references section above for vendor advisories and patch information. Affected products include: Dbmail Dbmail.