CyberSec.Space Logo
Back to CVE Browser

CVE-2006-2346

HIGH
7.5
CVSS Severity Score
EPSS Score0.1970%
EPSS Percentile8.54th
PublishedMay 12, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP.

Affected Platforms (CPE)

πŸ“¦
Inter7

Vpopmail \(vchkpw\)

= 5.4.14
πŸ“¦
Inter7

Vpopmail \(vchkpw\)

= 5.4.15

References & Advisories

πŸ”— http://secunia.com/advisories/19987
πŸ”— http://sourceforge.net/project/shownotes.php?release_id=415350
πŸ”— http://www.osvdb.org/25445
πŸ”— http://www.securityfocus.com/bid/17894
πŸ”— http://www.vupen.com/english/advisories/2006/1698
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/26333
πŸ”— http://secunia.com/advisories/19987
πŸ”— http://sourceforge.net/project/shownotes.php?release_id=415350

Related Vulnerabilities

CVE-2000-05835.0

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which...

CVE-2006-607610.0

Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier ...

CVE-2006-610210.0

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X ser...

CVE-2006-028310.0

Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, ...