Описание
Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If authentication happens over unsecure connection, switch to SCRAM protocol. Alternatively ensure the communcations are secured, and if possible switch to OAUTH2 or SCRAM. No publicly available exploits are known.
A flaw was found in Dovecot. Under specific conditions, if the authentication cache is enabled and the username is altered in the password database, Dovecot's One-Time Password (OTP) authentication is vulnerable to a replay attack. A remote attacker able to observe an OTP exchange can exploit this flaw to log in as the legitimate user, leading to unauthorized access.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | dovecot | Not affected | ||
| Red Hat Enterprise Linux 6 | dovecot | Out of support scope | ||
| Red Hat Enterprise Linux 7 | dovecot | Fix deferred | ||
| Red Hat Enterprise Linux 8 | dovecot | Not affected | ||
| Red Hat Enterprise Linux 9 | dovecot | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS3
Связанные уязвимости
Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If authentication happens over unsecure connection, switch to SCRAM protocol. Alternatively ensure the communcations are secured, and if possible switch to OAUTH2 or SCRAM. No publicly available exploits are known.
Dovecot OTP authentication is vulnerable to replay attack under specif ...
Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If authentication happens over unsecure connection, switch to SCRAM protocol. Alternatively ensure the communcations are secured, and if possible switch to OAUTH2 or SCRAM. No publicly available exploits are known.
EPSS
6.8 Medium
CVSS3