Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Parallels Plesk Shortnames功能邮件中继漏洞
Vulnerability Description
Plesk是用于管理站点的综合控制面板解决方案。 在Plesk中如果为邮件登录启用了SHORTNAMES=1功能的话,QMAIL就会在AUTH LOGIN认证期间接受任何以有效shortname开始的base64编码用户名。这允许攻击者登录到plesk认证模块所保护的邮件或其他服务,通过获得的smtp认证权限中继垃圾邮件。 必须要从smtp(s)_psa删除SHORTNAMES=1才可以修复这个问题,仅仅将其设置为0无法解决。
CVSS Information
N/A
Vulnerability Type
N/A