Microsoft Windows SMTP Incorrect Credentials Authentication Bypass

Severity: High, Nessus Plugin ID 10703

Synopsis

The remote SMTP server is vulnerable to an authentication bypass.

Description

The remote SMTP server is vulnerable to a flaw in its authentication process.

This vulnerability allows any unauthorized user to successfully authenticate and use the remote SMTP server.

An attacker may exploit this flaw to use this SMTP server as a spam relay.

Solution

Apply the appropriate MS01-037 patches from Microsoft or upgrade to the latest service pack.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-037

Plugin Details

Severity: High

ID: 10703

File Name: smtp_ms01-037.nasl

Version: 1.36

Type: remote

Published: 7/7/2001

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: SMTP/wrapped, SMTP/qmail, SMTP/postfix

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/5/2001

Reference Information

CVE: CVE-2001-0504

BID: 2988

MSFT: MS01-037

MSKB: 302755