The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/89077http://www.exploit-db.com/exploits/29706http://packetstormsecurity.com/files/124054http://www.securityfocus.com/bid/63793http://www.osvdb.org/100007
