There are numerous instructions over the internet to use saslauthd. I've tried to run the service. It gave me a surprise when I discovered that /run/saslauthd/mux socket and /usr/sbin/testsaslauthd are both available for non-privileged users. So when you have saslauthd started, it makes your system vulnerable.
What is the supposed way to restrict brute force? I've tried to google it, but google shows only SMTP and IMAP stuff, not saslauthd vulnerability itself.
No comments:
Post a Comment