VULHUB ™

FirstClass is a small to mid-range intergrated software package designed to handle multiple message formats. It is distributed and maintained by Centrinity. A problem with the package could allow for a social engineering attack. It is possible to remotely connect to the system on port 25, and send a mail from a user such as the admin using the MAIL FROM: command by encapsulating the name with angle-brackets, i.e. <ADMIN>. By doing so, it may be possible for a remote user to trick users into performing actions which may create an opportunity for attack on the network. This problem makes it possible for a remote user to launch a social engineering attack. This problem is also present in other SMTP servers which allow remote users to connect and assume the identity of local users.

FirstClass is a small to mid-range intergrated software package designed to handle multiple message formats. It is distributed and maintained by Centrinity. A problem with the package could allow for a social engineering attack. It is possible to remotely connect to the system on port 25, and send a mail from a user such as the admin using the MAIL FROM: command by encapsulating the name with angle-brackets, i.e. <ADMIN>. By doing so, it may be possible for a remote user to trick users into performing actions which may create an opportunity for attack on the network. This problem makes it possible for a remote user to launch a social engineering attack. This problem is also present in other SMTP servers which allow remote users to connect and assume the identity of local users.