Vulnerabilities > CVE-2006-2738 - Unspecified vulnerability in Open-Xchange 0.8.1.6

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

open-xchange

NVD

Published: 2006-06-01

Updated: 2018-10-18

Summary

The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. Exploit only works on Open Source versions of this product.

Vulnerable Configurations

Part	Description	Count
Application	Open-Xchange Open Xchange Open Xchange 0.8.1.6 Open Xchange Open Xchange *	2

References

http://secunia.com/advisories/20323
http://securityreason.com/securityalert/1012
http://www.golem.de/0605/45407.html
http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815
http://www.securityfocus.com/archive/1/435198/100/0/threaded
http://www.securityfocus.com/bid/18115
http://www.vupen.com/english/advisories/2006/2037
https://exchange.xforce.ibmcloud.com/vulnerabilities/26761