> Suppose there is Mail server having port 25 open xyz.com
> an attacker login on Mail server through telnet and then try to send the
> mail but the he can only send a mail within the xyz company not outside
> ..so this will be consider as Vulnerability or not
Yes. Thankfully, this can be resolved by removing the legacy
/usr/bin/telnet program from the originating system.
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> an attacker login on Mail server through telnet and then try to send the
> mail but the he can only send a mail within the xyz company not outside
> ..so this will be consider as Vulnerability or not
Yes. Thankfully, this can be resolved by removing the legacy
/usr/bin/telnet program from the originating system.
/mzi
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]