Description
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gerardo Vazquez_ Eduardo Arriols · textremotelinux
https://www.exploit-db.com/exploits/29706
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89077
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/29706
Exploit x_refsource_misc
http://packetstormsecurity.com/files/124054
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/63793
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/100007
Scores
EPSS
0.1469
EPSS Percentile
94.5%
Details
CWE
CWE-264
Status
published
Products (1)
deeproot_linux/deepofix
< 3.3
Published
Oct 26, 2014
Tracked Since
Feb 18, 2026