CVE-2008-6984

Name of the Vulnerable Software and Affected Versions Plesk version 8.6.0

Description The issue allows remote attackers to bypass authentication and send spam e-mail when short mail login names are enabled. This can be achieved by sending a message with a base64-encoded username that begins with a valid shortname, or a username that matches a valid password. The exploitation can occur through various protocols, including SMTP with qmail, and Courier IMAP and POP3.

Recommendations For Plesk version 8.6.0, consider disabling the use of short mail login names (SHORTNAMES) to prevent authentication bypass and spam e-mail sending until a patch is available. Additionally, restrict access to SMTP, qmail, Courier IMAP, and POP3 services to minimize the risk of exploitation.