Test Kennung:	1.3.6.1.4.1.25623.1.0.112510
Kategorie:	Privilege escalation
Titel:	Dovecot 1.1.0 - 2.2.36 and 2.3.0 - 2.3.4 Authentication Bypass Vulnerability
Zusammenfassung:	Dovecot is prone to an authentication bypass vulnerability.
Beschreibung:	Summary: Dovecot is prone to an authentication bypass vulnerability. Vulnerability Insight: If the provided trusted SSL certificate is missing the username field, Dovecot should be failing the authentication. However, the earlier versions will take the username from the user provided authentication fields (e.g. LOGIN command). Vulnerability Impact: If there is no additional password verification, this allows the attacker to login as anyone else in the system. Affected Software/OS: Dovecot versions 1.1.0 through 2.2.36 and 2.3.0 through 2.3.4. Solution: Update to version 2.2.36.1 or 2.3.4.1 respectively. CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-3814 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/ https://security.gentoo.org/glsa/201904-19 https://www.dovecot.org/list/dovecot/2019-February/114575.html RedHat Security Advisories: RHSA-2019:3467 https://access.redhat.com/errata/RHSA-2019:3467 SuSE Security Announcement: openSUSE-SU-2019:1220 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.