[Suggested description]
A 2-Step Verification problem in Axigen Mail Server 10.3.3.52 lets an attacker access a mailbox
by bypassing 2-Step Verification: when the account is added to any third-party webmail service, or
to Outlook, the Gmail application, etc., via IMAP or POP3, no verification code is requested.
The 2-Step Verification method only works via Axigen Webmail.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
Axigen
[Affected Product Code Base]
Axigen Mail Server 10.3.3.52
[Affected Component]
2-Step verification
[Attack Type]
Remote
[Impact Escalation of Privileges]
true
[Impact Information Disclosure]
true
[CVE Impact Other]
[Attack Vectors]
To bypass an account's 2-Step Verification, you can add it in Outlook or the
Gmail application via IMAP or POP3 without any verification code.
Use CVE-2023-23566.
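
A log-review check for the behaviour described above, as an added example (not part of the original report and not Axigen code): it flags successful IMAP/POP3 logins by accounts that have 2-Step Verification enabled. The key=value log format, the field names and the enrolled-account list are constructed assumptions; adapt the parser to your server's actual log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in a generic key=value format (NOT Axigen's real log format).
SAMPLE_LOG = """\
2023-01-10T08:01:12Z service=WEBMAIL user=alice@example.test src=198.51.100.7 result=OK second_factor=passed
2023-01-10T08:03:40Z service=IMAP user=alice@example.test src=203.0.113.50 result=OK
2023-01-10T08:04:02Z service=POP3 user=bob@example.test src=203.0.113.51 result=OK
2023-01-10T08:05:19Z service=IMAP user=carol@example.test src=203.0.113.52 result=FAIL
2023-01-10T08:06:00Z service=POP3 user=alice@example.test src=203.0.113.50 result=OK
"""

# Assumed inventory of accounts that have 2-Step Verification enabled.
TWO_STEP_ACCOUNTS = {"alice@example.test", "carol@example.test"}

# Services where, per the advisory, no verification code is requested.
PASSWORD_ONLY_SERVICES = {"IMAP", "POP3"}

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into its timestamp plus key=value fields."""
    timestamp, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["timestamp"] = timestamp
    return fields


def find_password_only_logins(log_text, enrolled):
    """Return {account: [(timestamp, service, src), ...]} for successful
    IMAP/POP3 logins by accounts that have 2-Step Verification enabled."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        user = ev.get("user", "").lower()
        if (ev.get("result") == "OK"
                and ev.get("service") in PASSWORD_ONLY_SERVICES
                and user in enrolled):
            findings[user].append((ev["timestamp"], ev["service"], ev.get("src", "?")))
    return dict(findings)


if __name__ == "__main__":
    for account, events in find_password_only_logins(SAMPLE_LOG, TWO_STEP_ACCOUNTS).items():
        for ts, service, src in events:
            print(f"{ts} {account}: {service} login from {src} without second factor")
```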