Dovecot passdbs Argument Injection Authentication Bypass

medium Nessus Plugin ID 31466

Synopsis

The remote mail server is affected by an authentication bypass vulnerability.

Description

The remote host is running Dovecot, an open source IMAP4 / POP3 server for Linux / Unix.

The version of Dovecot installed on the remote host uses the TAB character as an internal delimiter but fails to escape TAB characters that appear in a password. Provided Dovecot is configured to use a blocking passdb, an attacker can leverage this issue to bypass authentication and gain access to a user's mailbox.

Solution

Upgrade to Dovecot v1.0.13 / v1.1.rc3 or later.

See Also

https://www.dovecot.org/list/dovecot-news/2008-March/000064.html

Plugin Details

Severity: Medium

ID: 31466

File Name: dovecot_auth_bypass.nasl

Version: 1.17

Type: remote

Family: Misc.

Published: 3/14/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:dovecot:dovecot

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-1218

BID: 28181

CWE: 255

SECUNIA: 29295