Debian GNU/Linux Sendmail Default SASL Password

High Nessus Plugin ID 14832


The remote SMTP server has an account with a default password.


The remote host is running a Sendmail server with a default SASL password of 'sendmail' / 'sendmailpwd'. A spammer may use this account to use the remote server as a spam relay for the internet.


Disable this account or secure it with a strong password.

See Also

Plugin Details

Severity: High

ID: 14832

File Name: debian_sasl_default_pwd.nasl

Version: $Revision: 1.15 $

Type: remote

Published: 2004/09/28

Modified: 2013/12/23

Dependencies: 10263

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2004/09/28

Reference Information

CVE: CVE-2004-0833

BID: 11262

OSVDB: 10374