Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2008-6984
Last Modified 28 Sep 2009 12:00:00
Published 19 Aug 2009 01:24:52
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6984

Summary

Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.

Vulnerable Systems

Application

  • Parallels Plesk 8.6.0


References

XF - plesk-shortnames-security-bypass(44856)

SECTRACK - 1020801

BID - 30956

BUGTRAQ - 20080831 Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges

OSVDB - 51652


Last Updated: 27 May 2016 10:49:25