Tag
Maddy Mail Server is vulnerable to LDAP injection via unsanitized username in the `auth.ldap` module, enabling identity spoofing, LDAP directory enumeration, and attribute value extraction by injecting arbitrary LDAP filter expressions through the username field in SMTP submission or IMAP LOGIN interfaces.