This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.
The remote fax server fails to properly validate passwords.
The remote host is running HylaFAX, a fax / pager server application
for Linux / Unix.
The version of HylaFAX installed on the remote host does not check
passwords when authenticating users via hfaxd, its fax server. An
attacker can exploit this issue to bypass authentication using a valid
username and gain access to the system.
Solution :
Rebuild HylaFAX with PAM support or upgrade to HylaFAX version 4.2.4
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Nessus Plugin ID: 20387 (hylafax_auth_bypass.nasl)
Bugtraq ID: 16150
CVE ID: CVE-2005-3538