Authentication Bypass in NetWin dMailWeb and cwMail by Carriage Return Injection
CVE-2000-0610

Currently unrated

Key Information:

Vendor: Netwin
Status: Cwmail; Dmailweb
Vendor: CVE Published:; 23 June 2000

What is CVE-2000-0610?

NetWin dMailWeb and cwMail versions up to 2.6g exhibit a flaw that allows remote attackers to exploit a carriage return in the username, thereby bypassing authentication mechanisms. This vulnerability facilitates unauthorized use of the mail server for relay purposes, posing significant risks for misuse and potential spam distribution.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/4770

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/1390

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2000-06/02...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jul 19, 2000
Vulnerability published
Jun 23, 2000

Netwin

What is CVE-2000-0610?

References

Timeline