CVE-2008-6984
Plesk 8.6.0 - Authentication Bypass via Short Mail Login Names
Title source: llmDescription
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020801
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44856
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30956
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495881
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/51652
Scores
EPSS
0.0135
EPSS Percentile
68.1%
Details
CWE
CWE-287
Status
published
Products (1)
parallels/plesk
8.6.0 (2 CPE variants)
Published
Aug 19, 2009
Tracked Since
Feb 18, 2026