PT-2004-3463 · Amax · Amax Magic Winmail Server

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2572

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
AMAX Magic Winmail Server version 3.6

Description
The issue allows remote attackers to obtain sensitive information by entering invalid characters, such as (), or a large number of characters in the "Lookup" field on the "netaddressbook.php" web form. This reveals the path in an "ldaplib.php" error message when the LDAP search function fails due to improper processing of the $keyword variable.

Recommendations
For AMAX Magic Winmail Server version 3.6, consider restricting input in the "Lookup" field on the "netaddressbook.php" web form to prevent the entry of invalid or excessive characters, and ensure proper validation and sanitization of the $keyword variable to prevent information disclosure.
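
The recommendation above, sketched as an added PHP example that is not Winmail Server code: it bounds and escapes the lookup keyword before it reaches an LDAP filter and keeps failure details out of the response. The function names, the cn attribute, the 64-byte limit and the stubbed search callable are assumptions.

```php
<?php
// Added example. Function names, the cn attribute and the 64-byte limit are assumptions.
ini_set('display_errors', '0'); // never render PHP warnings (with file paths) to the client
ini_set('log_errors', '1');     // keep the detail in the server log instead

const MAX_KEYWORD_LEN = 64;

// Escape RFC 4515 filter metacharacters so "(" and ")" stay literal in the filter.
function escape_ldap_filter(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

// Build the search filter, or return null when the keyword must be rejected.
function build_lookup_filter(string $keyword): ?string
{
    $keyword = trim($keyword);
    if ($keyword === '' || strlen($keyword) > MAX_KEYWORD_LEN) {
        return null; // empty or oversized input never reaches the directory
    }
    if (preg_match('/[\x00-\x1f\x7f]/', $keyword)) {
        return null; // control characters have no place in a name lookup
    }
    return '(cn=*' . escape_ldap_filter($keyword) . '*)';
}

// Run the search via a caller-supplied callable and return only generic errors.
function lookup(string $keyword, callable $search): array
{
    $filter = build_lookup_filter($keyword);
    if ($filter === null) {
        return ['ok' => false, 'message' => 'Invalid search term.'];
    }
    try {
        return ['ok' => true, 'entries' => $search($filter)];
    } catch (Throwable $e) {
        error_log('address book lookup failed: ' . $e->getMessage());
        return ['ok' => false, 'message' => 'Search failed.'];
    }
}

// Constructed inputs; the stub stands in for the real directory search.
$stub = fn(string $filter): array => [$filter];
foreach (['smith', '()', str_repeat('A', 5000)] as $input) {
    echo json_encode(lookup($input, $stub)), PHP_EOL;
}
```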


Related identifiers

CVE-2004-2572

Affected products

Amax Magic Winmail Server