Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2007-6714

Date: April 17, 2008

DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

Severity Score

Related Resources (16)

http://osvdb.org/44561
http://www.securitytracker.com/id?1019914
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html
http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6714
http://www.securityfocus.com/bid/28849
http://www.vupen.com/english/advisories/2008/1321/references
https://nvd.nist.gov/vuln/detail/CVE-2007-6714
http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/41907
http://secunia.com/advisories/29903
http://secunia.com/advisories/29937
http://secunia.com/advisories/29984
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html
http://dbmail.org/index.php?page=news&id=44
https://www.mend.io/vulnerability-database/CVE-2007-6714

Severity Score

Weakness Type (CWE)

Authentication Issues

CWE-287

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us