CVE-2001-0104 - MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pre

CVE-2001-0104

Summary

MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key.

References

http://www.securityfocus.com/archive/1/151156
http://www.securityfocus.com/bid/2115
https://exchange.xforce.ibmcloud.com/vulnerabilities/5763

Vulnerable Configurations

cpe:2.3:a:alt-n:mdaemon:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:alt-n:mdaemon:3.5.1:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	2115
bugtraq	20001214 Bypass MDaemon 3.5.1 "Lock Server" Protection
xf	mdaemon-lock-bypass-password(5763)

Last major update

19-12-2017 - 02:29

Published

12-02-2001 - 05:00

Last modified

19-12-2017 - 02:29