CVE-2004-2071

Macallan Mail Solution <2.8.4.6 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2071. PoCs published by Ziv Kamir.

AI-analyzed exploit summary The exploit describes an authentication bypass vulnerability in Macallan Mail Solution by submitting a crafted HTTP GET request to the administration page. The vendor claims administrative actions may not be possible post-bypass.

Description

Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ziv Kamir · textwebappsphp

https://www.exploit-db.com/exploits/23687

View Code ZIP pw:eip

The exploit describes an authentication bypass vulnerability in Macallan Mail Solution by submitting a crafted HTTP GET request to the administration page. The vendor claims administrative actions may not be possible post-bypass.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Macallan Mail Solution 2.8.4.6(Build 260)

No auth needed

Prerequisites: Network access to the target web interface

MITRE ATT&CK