
Courier Mail Server < 0.52.2 Deactivated Account Authentication Bypass



The remote host may allow deactivated users to access their accounts using their old credentials.


The remote host is running Courier Mail Server, an open source mail server for Linux and Unix. The installed version of Courier has a bug in the way it handles deactivated accounts: versions earlier than 0.52.2 still allow deactivated accounts to be accessed and used. To exploit this flaw, an attacker would need the credentials of a deactivated account.


Upgrade to Courier Mail Server 0.52.2 or higher.