CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-2346

HIGH
7.5
CVSS Severity Score
EPSS Score0.1970%
EPSS Percentile8.54th
Published2006年5月12日
Last Modified2026年4月16日

Vulnerability Description

vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP.

Affected Platforms (CPE)

📦
Inter7

Vpopmail \(vchkpw\)

= 5.4.14
📦
Inter7

Vpopmail \(vchkpw\)

= 5.4.15

References & Advisories

🔗 http://secunia.com/advisories/19987
🔗 http://sourceforge.net/project/shownotes.php?release_id=415350
🔗 http://www.osvdb.org/25445
🔗 http://www.securityfocus.com/bid/17894
🔗 http://www.vupen.com/english/advisories/2006/1698
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/26333
🔗 http://secunia.com/advisories/19987
🔗 http://sourceforge.net/project/shownotes.php?release_id=415350

関連する脆弱性情報

CVE-2000-05835.0

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which...

CVE-2006-502510.0

Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack ve...

CVE-2006-607610.0

Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier ...

CVE-2006-011910.0

Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due...