Netwin DMailWeb & CWMail Server Mail Relaying Vulnerability

It is possible to login and send mail through a DMailWin and CWMail Server without being a registered user. A remote user can accomplish this by using a specially malformed username containing a carriage return.


 

Privacy Statement
Copyright 2010, SecurityFocus