CVE-2007-6714

Published Apr 17, 2008

Last updated 11 days ago

CVSS info 6.8

Overview

Description: DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA4DB4CD-B262-4247-BD2E-F092BA6537BE"
          },
          {
            "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.6:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2580139-D5DB-4B4D-B6E7-F0957D4EE5FA"
          },
          {
            "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2FD1538-8288-4156-A181-BA077CED44A8"
          },
          {
            "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D65C8E14-7FB2-41E5-8C74-5509D2FC4AB9"
          },
          {
            "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E76AF034-85D5-40F3-8C5B-85DBCCDF4E5A"
          },
          {
            "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10D91F87-6055-4186-855E-0BC198C0FF31"
          },
          {
            "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.7:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51B8C537-0501-413B-8BE1-35D8845194B2"
          },
          {
            "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "604DBA7B-4C2A-425E-B243-677C0F3AB6C7"
          },
          {
            "criteria": "cpe:2.3:a:dbmail:dbmail:2.2.8:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7839DDA0-A977-4AE4-B1D4-28D0472E8EB0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References