FreeBSD : dovecot -- Specific LDAP + auth cache configuration may mix up user logins (cf484358-b5d6-11dc-8de0-001c2514716c)
Severity: High
Nessus Plugin ID: 29811
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Dovecot reports:
If two users with the same password and same pass_filter variables log in within auth_cache_ttl seconds (1h by default), the second user may get logged in with the first user's cached pass_attrs. For example if pass_attrs contained the user's home/mail directory, this would mean that the second user will be accessing the first user's mails.
Solution
Update the affected package.
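The failure mode in the description, as an added example that is not Dovecot's code or part of the original advisory: a simplified model of an auth cache whose key is built only from the pass_filter variable values and the password, next to a key that also includes the login name. The class, field names, directory contents and key layouts are assumptions made for illustration; only the 1h TTL comes from the description.

```python
# Simplified model (assumption, not Dovecot source): a passdb result cache
# whose key is built from a configurable set of request fields.
class AuthCache:
    def __init__(self, ttl, key_fields):
        self.ttl = ttl                # seconds, like auth_cache_ttl
        self.key_fields = key_fields  # which request fields form the key
        self.entries = {}             # key -> (expiry, pass_attrs)

    def login(self, request, lookup, now):
        key = tuple(request[f] for f in self.key_fields)
        hit = self.entries.get(key)
        if hit and hit[0] > now:
            return hit[1]             # cached pass_attrs, no lookup made
        attrs = lookup(request)
        self.entries[key] = (now + self.ttl, attrs)
        return attrs

# Constructed sample directory: two users who share a password.
DIRECTORY = {
    "alice": {"password": "Spring2007", "home": "/home/alice"},
    "bob": {"password": "Spring2007", "home": "/home/bob"},
}

def ldap_lookup(request):
    # Stand-in for the LDAP query; returns pass_attrs on a password match.
    entry = DIRECTORY[request["user"]]
    if entry["password"] != request["password"]:
        raise PermissionError("bad password")
    return {"home": entry["home"]}

def make_request(user):
    # filter_vars models pass_filter variables that expand to the same
    # value for both users (here a shared domain).
    return {"user": user, "filter_vars": ("example.org",),
            "password": DIRECTORY[user]["password"]}

WEAK_KEY = ("filter_vars", "password")            # condition from the report
STRICT_KEY = ("user", "filter_vars", "password")  # key bound to the login name

def second_login_home(key_fields, gap_seconds, ttl=3600):
    """Alice logs in at t=0, Bob at t=gap_seconds; return Bob's home attr."""
    cache = AuthCache(ttl, key_fields)
    cache.login(make_request("alice"), ldap_lookup, now=0)
    return cache.login(make_request("bob"), ldap_lookup, now=gap_seconds)["home"]

if __name__ == "__main__":
    print("weak key, 60s later:   ", second_login_home(WEAK_KEY, 60))
    print("weak key, after TTL:   ", second_login_home(WEAK_KEY, 3601))
    print("strict key, 60s later: ", second_login_home(STRICT_KEY, 60))
```

With the weak key the second login inside the TTL returns the first user's home directory; once the entry has expired, or when the login name is part of the key, each user gets their own attributes.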