Untrusted Format String Vulnerability in vchkpw Program

Untrusted Format String Vulnerability in vchkpw Program

CVE-2000-0583 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

Learn more about our User Device Pen Test.