[原文]Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.
Novell NetMail Default NMAP Authentication Credential Failure Arbitrary Mail Access
Local Access Required
Loss of Confidentiality
Novell Netmail contains a flaw that may allow a malicious user to arbitrary access the mail store. The issue is triggered when the default NMAP authentication credential is set automatically and is not changed after installation has finished. It is possible that the flaw may allow an attacker to gain access to the mail store data with read/write permissions resulting in a loss of confidentiality and/or integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.