ID
VAR-200809-0456
TITLE
Parallels Plesk Shortnames Feature Mail Relay Vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2008-4213
DESCRIPTION
Plesk is a comprehensive control panel solution for managing sites. If SHORTNAMES = 1 is enabled for email login in Plesk, QMAIL will accept any base64-encoded username starting with a valid shortname during AUTH LOGIN authentication. This allows an attacker to log in to mail or other services protected by the plesk authentication module and relay spam through the smtp authentication permissions obtained. You must remove SHORTNAMES = 1 from smtp (s) _psa to fix this problem, just setting it to 0 cannot solve it.
Trust: 0.6
sources:
CNVD: CNVD-2008-4213
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2008-4213
AFFECTED PRODUCTS
| vendor: | none | model: | - | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2008-4213
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2008-4213 | Trust: 0.6 |
sources:
CNVD: CNVD-2008-4213
SOURCES
| db: | CNVD | id: | CNVD-2008-4213 |
LAST UPDATE DATE
2022-05-04T09:35:56.950000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2008-4213 | date: | 2008-09-02T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2008-4213 | date: | 2008-09-01T00:00:00 |