eXtremail Authentication Bypass Vulnerability

Bugtraq ID:	9754
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2004-0332
Remote:	Yes
Local:	No
Published:	Feb 26 2004 12:00AM
Updated:	Jul 12 2009 03:06AM
Credit:	Discovery of this vulnerability has been credited to "Andrey Smirnov" <[email protected]>.
Vulnerable:	eXtremail eXtremail 1.5.9 eXtremail eXtremail 1.5 -8 eXtremail eXtremail 1.5 -5 eXtremail eXtremail 1.5 eXtremail eXtremail 1.1.10 eXtremail eXtremail 1.1.9 eXtremail eXtremail 1.1.8 eXtremail eXtremail 1.1.7 eXtremail eXtremail 1.1.6 eXtremail eXtremail 1.1.5 eXtremail eXtremail 1.1.4 eXtremail eXtremail 1.1.3 eXtremail eXtremail 1.1.2 eXtremail eXtremail 1.1.1 eXtremail eXtremail 1.1 eXtremail eXtremail 1.0.3 eXtremail eXtremail 1.0.2 eXtremail eXtremail 1.0.1 eXtremail eXtremail 1.0
Not Vulnerable:

eXtremail Authentication Bypass Vulnerability

eXtremail has been reported prone to an authentication bypass vulnerability. The issue will only present itself under certain circumstances. Specifically, if an account is created and the password associated with that account consists of a single digit, or the password begins with a digit, then an attacker may use this account to access the service without supplying any password.

eXtremail Authentication Bypass Vulnerability

There is no exploit required.

eXtremail Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

eXtremail Authentication Bypass Vulnerability

References:

• eXtremail Homepage (eXtremail)
  
• Extremail Security Problem ("Andrey Smirnov" )