Remote Authentication Bypass in Novell Internet Messaging System and NetMail
CVE-2004-2298

Currently unrated

Key Information:

Vendor: Novell
Status: Internet Messaging System; Netmail
Vendor: CVE Published:; 31 December 2004

Summary

The Novell Internet Messaging System (NIMS) versions 2.6 and 3.0, along with NetMail versions 3.1 and 3.5, are susceptible to a significant security flaw due to the installation of default NMAP authentication credentials. If the system administrator fails to utilize the NMAP Credential Generator to change this default credential, remote attackers can exploit this vulnerability to access and manipulate the mail store data, leading to unauthorized operations and potential data breaches.

References

http://secunia.com/advisories/13377

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/12234

vdb-entryx_refsource_OSVDB

http://support.novell.com/cgi-bin/search/searchtid.cgi?/1...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 31, 2004