exploitDog

CVE-2026-24031

Published: 27 Mar 2026
Source: redhat
CVSS3: 7.7

Description

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.

A flaw was found in Dovecot. When the auth_username_chars configuration is cleared by an administrator, it creates an authentication bypass vulnerability. This allows a remote attacker to gain unauthorized access to user accounts and enumerate valid usernames.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | dovecot | Affected | | |
| Red Hat Enterprise Linux 6 | dovecot | Affected | | |
| Red Hat Enterprise Linux 7 | dovecot | Affected | | |
| Red Hat Enterprise Linux 8 | dovecot | Affected | | |
| Red Hat Enterprise Linux 9 | dovecot | Affected | | |

Additional information

Status: Important
Defect: CWE-89
https://bugzilla.redhat.com/show_bug.cgi?id=2452181 dovecot: Dovecot: Authentication bypass and user enumeration due to cleared auth_username_chars configuration

7.7 High

CVSS3

Related vulnerabilities

CVSS3: 7.7
ubuntu
6 days ago

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.

CVSS3: 7.7
nvd
6 days ago

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.

CVSS3: 7.7
debian
6 days ago

Dovecot SQL based authentication can be bypassed when auth_username_ch ...

CVSS3: 7.7
github
6 days ago

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.
