NVD

Id
58708  
Name
CVE-2007-6714  
Description
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2008-04-17  
Modified Date
2011-03-07  
Seq
2007-6714  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
301165 58708 CVE-2007-6714 http://dbmail.org/index.php?page=news&id=44  View
301166 58708 CVE-2007-6714 GLSA-200804-24  View
301167 58708 CVE-2007-6714 [Dbmail-dev] 20071216 [DBMail 0000662]: Ability to bypass authentication.  View
301168 58708 CVE-2007-6714 28849  View
301169 58708 CVE-2007-6714 1019914  View
301170 58708 CVE-2007-6714 ADV-2008-1321  View
301171 58708 CVE-2007-6714 dbmail-authldap-security-bypass(41907)  View
301172 58708 CVE-2007-6714 FEDORA-2008-3333  View
301173 58708 CVE-2007-6714 FEDORA-2008-3371  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
46493 JVNDB-2008-001803 DBMail の authldap における認証処理を回避される脆弱性 DBMail には、Active Directory のような匿名ログインをサポートしている LDAP サーバで authldap を使用している場合に認証処理を回避される脆弱性が存在します。 CVE-2007-6714 30069 CVE-2007-6714 58708 6.8 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001803.html 2008-02-09 2008-11-04 View