CVE-2007-6714
DBMail < 2.2.9 - Unauthenticated Authentication Bypass via Empty LDAP Password
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.
References (13)
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28849
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41907
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/44561
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29903
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019914
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29984
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1321/references
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29937
Mailing List mailing-list
x_refsource_mlist
http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html
Patch x_refsource_confirm
http://dbmail.org/index.php?page=news&id=44
Scores
EPSS
0.0239
EPSS Percentile
81.9%
Details
CWE
CWE-287
Status
published
Products (3)
dbmail/dbmail
2.2.6 (2 CPE variants)
dbmail/dbmail
2.2.7 (5 CPE variants)
dbmail/dbmail
2.2.8 (2 CPE variants)
Published
Apr 17, 2008
Tracked Since
Feb 18, 2026