• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Novell GroupWise 6 Post Office LDAP Authentication Bypass Vulnerability

GroupWise 6 is a directory service available from Novell. It is designed for use on the Microsoft Windows platforms.

When GroupWise is executed as any user, and the password field is left blank, it is possible to gain access to the account of the user without authenication. This problem occurs when GroupWise has been configured to use LDAP authentication and the security configuration of PostOffice leaves the LDAP username and password fields blank.