Vulnerability Details CVE-2006-2346
vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/19987
- http://sourceforge.net/project/shownotes.php?release_id=415350
- http://www.osvdb.org/25445
- http://www.securityfocus.com/bid/17894
- http://www.vupen.com/english/advisories/2006/1698
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26333
- http://secunia.com/advisories/19987
- http://sourceforge.net/project/shownotes.php?release_id=415350
- http://www.osvdb.org/25445
- http://www.securityfocus.com/bid/17894
- http://www.vupen.com/english/advisories/2006/1698
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26333
Products affected by CVE-2006-2346
-
cpe:2.3:a:inter7:vpopmail_(vchkpw):5.4.14
-
cpe:2.3:a:inter7:vpopmail_(vchkpw):5.4.15