NetWin DMail DList Remote Authentication Bypass Vulnerability
BID:13497
Info
NetWin DMail DList Remote Authentication Bypass Vulnerability
| Bugtraq ID: | 13497 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2005 12:00AM |
| Updated: | May 04 2005 12:00AM |
| Credit: | Discovery is credited to Chew Keong TAN. |
| Vulnerable: |
NetWin DMail 3.1 a |
| Not Vulnerable: | |
Discussion
NetWin DMail DList Remote Authentication Bypass Vulnerability
The mailing list server (dlist.exe) included with DMail is reportedly affected by an authentication bypass vulnerability.
Due to a design error, an attacker can bypass authentication and gain unauthorized access.
A successful attack can allow the attacker to gain access to sensitive information and carry out a denial of service attack.
DMail 3.1a running on the Windows platform is reportedly affected by this issue. Other versions may be vulnerable as well.
The mailing list server (dlist.exe) included with DMail is reportedly affected by an authentication bypass vulnerability.
Due to a design error, an attacker can bypass authentication and gain unauthorized access.
A successful attack can allow the attacker to gain access to sensitive information and carry out a denial of service attack.
DMail 3.1a running on the Windows platform is reportedly affected by this issue. Other versions may be vulnerable as well.
Exploit / POC
NetWin DMail DList Remote Authentication Bypass Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
NetWin DMail DList Remote Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
NetWin DMail DList Remote Authentication Bypass Vulnerability
References:
References:
- NetWin DMail Server Two Vulnerabilities (SIG^2 Vulnerability Research)
- Netwin's DMail Product Homepage (Netwin)