CVE-2023-23566

Published: Jan 13, 2023Modified: Apr 7, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.

Affected (1)

Products: Axigen: Axigen Mail Server

1 product

Axigen Mail Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Axigen Axigen Mail Server	Version 10.3.3.52

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (8)

https://github.com/umz-cert/vulnerabilities/issues/1

Source: cve@mitre.org

Third Party Advisory

https://github.com/umz-cert/vulnerabilitys/blob/patch-1/Axigen%20Mail%20Server%2010.3.3.52%202-Step%20verification

Source: cve@mitre.org

Third Party Advisory

https://www.axigen.com/documentation/2-step-verification-two-factor-authentication-for-webmail-p69140479

Source: cve@mitre.org

Technical DescriptionVendor Advisory

https://www.axigen.com/mail-server/download/

Source: cve@mitre.org

Vendor Advisory

https://github.com/umz-cert/vulnerabilities/issues/1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/umz-cert/vulnerabilitys/blob/patch-1/Axigen%20Mail%20Server%2010.3.3.52%202-Step%20verification

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.axigen.com/documentation/2-step-verification-two-factor-authentication-for-webmail-p69140479

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionVendor Advisory

https://www.axigen.com/mail-server/download/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.