Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2019-3814  

A vulnerability has been found in Dovecot versions prior to 2.3.4.1, allowing a remote client in possession of a trusted SSL certificate to log in as any user, in some configurations. This affects only installations using auth_ssl_require_client_cert = yes and auth_ssl_username_from_cert = yes, and the the attacker might have access to a trusted certificate without the ssl_cert_username_field (default to commonName) set in it.

Source
Severity High

Remote Yes

Type Authentication bypass

Description 

A vulnerability has been found in Dovecot versions prior to 2.3.4.1, allowing a remote client in possession of a trusted SSL certificate to log in as any user, in some configurations.
This affects only installations using auth_ssl_require_client_cert = yes and auth_ssl_username_from_cert = yes, and the the attacker might have access to a trusted certificate without the ssl_cert_username_field (default to commonName) set in it.

AVG-872 dovecot 2.3.4-3 2.3.4.1-1 High Fixed

06 Feb 2019 ASA-201902-1 AVG-872 dovecot High authentication bypass 

https://www.dovecot.org/pipermail/dovecot/2019-February/114575.html
https://github.com/dovecot/core/commit/61471a5c42528090cffcca9bceded316746637b7

Needs better description

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started