Debian GNU/Linux Sendmail Default SASL Password

high Nessus Plugin ID 14832

Synopsis

The remote SMTP server has an account with a default password.

Description

The remote host is running a Sendmail server with a default SASL password of 'sendmail' / 'sendmailpwd'. A spammer may authenticate with this account and use the remote server as a spam relay to the Internet.

Solution

Disable this account or secure it with a strong password.

See Also

http://www.debian.org/security/2004/dsa-554

Plugin Details

Severity: High

ID: 14832

File Name: debian_sasl_default_pwd.nasl

Version: 1.16

Type: remote

Published: 9/28/2004

Updated: 7/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux

Excluded KB Items: global_settings/supplied_logins_only

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/28/2004

Reference Information

CVE: CVE-2004-0833

BID: 11262