CVE-2013-6796
DeepOfix < 3.3 - Unauthenticated Authentication Bypass via Empty Password
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-6796. PoCs published by Gerardo Vazquez_ Eduardo Arriols.
AI-analyzed exploit summary This exploit demonstrates an authentication bypass in DeepOfix's SMTP server by leveraging a null password encoded in Base64, allowing unauthorized access as the 'admin' user. The provided Python script automates the authentication and email sending process.
Description
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
Exploits (1)
This exploit demonstrates an authentication bypass in DeepOfix's SMTP server by leveraging a null password encoded in Base64, allowing unauthorized access as the 'admin' user. The provided Python script automates the authentication and email sending process.