Описание
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | released | 8.5.5-0ubuntu1+esm1 |
| esm-apps/focal | released | 8.7.0-7ubuntu1.1 |
| esm-apps/jammy | released | 8.7.0-7.1ubuntu10.1 |
| focal | released | 8.7.0-7ubuntu1.1 |
| impish | ignored | end of life |
| jammy | released | 8.7.0-7.1ubuntu10.1 |
| kinetic | ignored | end of life, was needs-triage |
| lunar | DNE |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final).
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2 ...
An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3