Home page logo

bugtraq logo Bugtraq mailing list archives

MDaemon 5.0.5 authentication vulnerability
From: "Buckaroo Banzai" <buckaner0 () terra es>
Date: Sat, 9 Aug 2003 01:59:59 +0200


There is a security problem on MDaemon 5.0.5 (maybe other versions 
affected as well) regarding smtp authentication.

Blank password authenticates any valid user:

For primary domain:
User:           VALIDUSER       or      VALIDUSER () primaridomain com
Password:       blank password

For secondary domains:
User:           VALIDUSER () secondarydomain com
Password:       blank password

Using this vulnerability Spammers could abuse server even if relay control is 
properly configured. To abuse the server there is no need to get the 
userlist.dat and decode the well known weak encryption of MDeamon 5.0.6 
and before (base64 encoded password plus one offset for each character 

If a valid user is required you could always built-in account "MDaemon" and 
the default password (see references) or blank password. You could also try 
with well known accounts (administrator, webmaster, info, spam, admin, etc.)

Sample session:

220 xxx.com ESMTP MDaemon 5.0.5; Sat, 02 Aug 2003 00:51:06 +0200
EHLO localhost
250-xxx.com Hello localhost, pleased to meet you
250 SIZE 0
334 VXNlcm5hbWU6               (334 Username:)
TURhZW1vbg==                      (MDaemon)
334 UGFzc3dvcmQ6               (334 Password:)
                                             (blank password)
235 Authentication successful

Buckaroo Banzai

PD: The bug has been submited to ALT-N

References: related security issues regarding MDaemon 5

  By Date           By Thread  

Current thread:
  • MDaemon 5.0.5 authentication vulnerability Buckaroo Banzai (Aug 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]