PT-2002-2764 · Cyrus · Cyrus-Sasl

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2043

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cyrus SASL versions 1.5.24 through 1.5.27

Description

A SQL injection vulnerability in the LDAP and MySQL authentication patch allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.

Recommendations

For Cyrus SASL versions 1.5.24 through 1.5.27, consider disabling the LDAP and MySQL authentication patch until a fix is available. Restrict access to the authentication module to minimize the risk of exploitation. Avoid using the password parameter in the affected authentication endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related identifiers

CVE-2002-2043

Affected products

Cyrus-Sasl