Microsoft Windows SMTP Service NTLM Null Session Authorization Bypass (uncredentialed check)
Medium Nessus Plugin ID 11308
SynopsisThe remote SMTP server is affected by an authorization bypass vulnerability.
DescriptionIt is possible to authenticate to the remote SMTP service by logging in with a NULL session.
An attacker may use this flaw to use your SMTP server as a spam relay.
SolutionMicrosoft has released patches for Windows NT and 2000 as well as Exchange Server 5.5.