VDB
CVE-2007-6714
CVE-2007-6714
PUBLISHED
CVSS 6.800000190734863 MEDIUM
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
EPSS 1.63% · 82.3th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
1.63%
82.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| dbmail | dbmail | 2.2.6, 2.2.6, 2.2.7 |
| n/a | n/a | * |
Timeline
- Apr 17, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- http://dbmail.org/index.php?page=news&id=44 patch
- GLSA-200804-24 vendor-advisory
- 28849 vdb
- dbmail-authldap-security-bypass(41907) vdb
- 44561 vdb
- 29903 third-party-advisory
- 1019914 vdb
- FEDORA-2008-3333 vendor-advisory
- 29984 third-party-advisory
- ADV-2008-1321 vdb
- FEDORA-2008-3371 vendor-advisory
- 29937 third-party-advisory
- [Dbmail-dev] 20071216 [DBMail 0000662]: Ability to bypass authentication. mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2007-6714 advisory
- http://www.mail-archive.com/dbmail-dev@dbmail.org/msg09942.html url