Описание
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 3.5.3-1 |
| cosmic | not-affected | 3.5.3-1 |
| devel | DNE | |
| disco | not-affected | 3.5.3-1 |
| eoan | not-affected | 3.5.3-1 |
| esm-apps/bionic | not-affected | 3.5.3-1 |
| esm-apps/focal | not-affected | 3.5.3-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | released | 3.4.2-3ubuntu0.1~esm1 |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3
Связанные уязвимости
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
The m_authenticate function in modules/m_sasl.c in Charybdis before 3. ...
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3