CVE-2013-6796

DeepOfix < 3.3 - Unauthenticated Authentication Bypass via Empty Password

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6796. PoCs published by Gerardo Vazquez_ Eduardo Arriols.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass in DeepOfix's SMTP server by leveraging a null password encoded in Base64, allowing unauthorized access as the 'admin' user. The provided Python script automates the authentication and email sending process.

Description

The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Gerardo Vazquez_ Eduardo Arriols · textremotelinux
https://www.exploit-db.com/exploits/29706

This exploit demonstrates an authentication bypass in DeepOfix's SMTP server by leveraging a null password encoded in Base64, allowing unauthorized access as the 'admin' user. The provided Python script automates the authentication and email sending process.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: DeepOfix <= 3.3
No auth needed
Prerequisites: knowledge of a valid username (e.g., 'admin') · access to the SMTP server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89077
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/29706
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/63793
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/100007

Scores

EPSS 0.0630
EPSS Percentile 92.8%

Details

CWE
CWE-264
Status published
Products (1)
deeproot_linux/deepofix < 3.3
Published Oct 26, 2014
Tracked Since Feb 18, 2026