CVE-2007-3275

Name of the Vulnerable Software and Affected Versions MailWasher Server versions prior to 2.2.1

Description The issue allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account when MailWasher Server is used with LDAP or Active Directory (AD). This is due to the improper handling of blank passwords. The LoginCheck::doPost function in mwi/servlet/Login.cpp might be related to this issue.

Recommendations For MailWasher Server versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of blank passwords or restricting access to the LDAP or Active Directory (AD) integration until a patch is applied.