Описание
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | code not present |
| devel | not-affected | 1:1.0.10-1ubuntu1 |
| edgy | not-affected | code not present |
| feisty | released | 1.0.rc17-1ubuntu2.2 |
| gutsy | released | 1:1.0.5-1ubuntu2.1 |
| upstream | released | 1.0.10 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Dovecot before 1.0.10, with certain configuration options including us ...
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
ELSA-2008-0297: dovecot security and bug fix update (LOW)
EPSS
6.8 Medium
CVSS2