CVE-2006-2346

Name of the Vulnerable Software and Affected Versions vpopmail versions 5.4.14 through 5.4.15

Description The issue allows remote attackers to authenticate to an account without a cleartext password set by using a blank password to either SMTP AUTH or APOP, but only when cleartext passwords are enabled.

Recommendations For vpopmail versions 5.4.14 through 5.4.15, consider disabling the use of cleartext passwords as a temporary workaround until a patch is available. Restrict access to SMTP AUTH and APOP to minimize the risk of exploitation.