Cyrus IMAPd NNTP AUTHINFO USER Command Parsing Authentication Bypass
Medium Nessus Plugin ID 57336
Synopsis
The remote NNTP server is affected by an authentication bypass vulnerability.

Description
The remote NNTP server contains a logic error that causes clients that send only a username, neglecting to send a password, to be treated as authenticated. This may permit an unauthenticated, remote attacker to view and post to restricted newsgroups, impersonating other users in the process.

Solution
Upgrade Cyrus IMAPd to version 2.4.12 or later.
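
The class of logic error in the description, shown as an added example that is not Cyrus IMAPd source: a flawed handler records the identity when AUTHINFO USER arrives, while the hardened pair only stages the name and sets the identity after AUTHINFO PASS verifies. The session struct, function names and the credential pair are hypothetical and constructed for illustration; how the real server stores its state is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical session model; field names are assumptions. */
struct session {
    char pending_user[64]; /* name from AUTHINFO USER, awaiting PASS */
    char authed_user[64];  /* empty until authentication succeeds */
};

/* Constructed credential check standing in for the real backend. */
static bool check_password(const char *user, const char *pass) {
    return strcmp(user, "alice") == 0 && strcmp(pass, "correct-horse") == 0;
}

/* Flawed pattern: the identity is recorded as soon as USER arrives. */
static void flawed_authinfo_user(struct session *s, const char *user) {
    snprintf(s->authed_user, sizeof s->authed_user, "%s", user);
}

/* Hardened: USER only stages the name and asks for a password (381). */
static int authinfo_user(struct session *s, const char *user) {
    snprintf(s->pending_user, sizeof s->pending_user, "%s", user);
    return 381;
}

/* Hardened: identity is set only after PASS verifies; returns reply code. */
static int authinfo_pass(struct session *s, const char *pass) {
    if (s->pending_user[0] == '\0')
        return 482; /* PASS without a preceding USER: out of sequence */
    bool ok = check_password(s->pending_user, pass);
    if (ok)
        snprintf(s->authed_user, sizeof s->authed_user, "%s", s->pending_user);
    s->pending_user[0] = '\0'; /* a staged name is single-use */
    return ok ? 281 : 481;
}

/* Gate for restricted newsgroups: checks the verified identity only. */
static bool is_authenticated(const struct session *s) {
    return s->authed_user[0] != '\0';
}

int main(void) {
    struct session a = {0}, b = {0};
    flawed_authinfo_user(&a, "alice");
    authinfo_user(&b, "alice");
    printf("flawed, USER only: %d\n", is_authenticated(&a));
    printf("hardened, USER only: %d\n", is_authenticated(&b));
    return 0;
}
```
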