An issue exists in MailStore Server (and Service Provider Edition) 9.x up to and including 11.x prior to 11.2.2. When the directory service (for synchronizing and authenticating users) is set to Generic LDAP, an attacker is able to login as an existing user with an arbitrary password on the second login attempt.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mailstore mailstore |
||
mailstore mailstore server |