The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. Exploit only works on Open Source versions of this product.
Publication date: Thu, 01 Jun 2006 15:02:00 +0000