2-Step Verification Bypass in Axigen Mail Server by Axigen
CVE-2023-23566
9.8 CRITICAL
What is CVE-2023-23566?
A vulnerability exists in Axigen Mail Server 10.3.3.52 that allows an attacker to bypass the 2-Step Verification mechanism. This enables unauthorized access to mailboxes when the attacker attempts to add an account to third-party webmail services or applications like Outlook and Gmail using IMAP or POP3, without needing a verification code. This issue poses significant security risks to users who rely on this verification for the protection of their email communications.
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved