SB2019020615 - Debian update for dovecot




Published: February 6, 2019

Security Bulletin ID: SB2019020615
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Authentication bypass (CVE-ID: CVE-2019-3814)

The vulnerability allows a remote authenticated attacker to bypass authentication.

The weakness exists because the username is taken from the user-provided authentication fields (e.g. the LOGIN command). If the provided trusted SSL certificate is missing the username field, a remote attacker with access to a valid trusted certificate that lacks the ssl_cert_username_field can bypass password verification and log in as anyone else in the system.
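A simplified model of the username selection described above, as an added example that is not Dovecot's code and not part of the original bulletin. It assumes certificate-only authentication with no separate password check; the field name, certificate subjects and function names are constructed, and the rejecting behaviour after the update is an assumption about the fix.

```python
from typing import Optional

# Constructed value for the ssl_cert_username_field setting (assumption).
USERNAME_FIELD = "x500UniqueIdentifier"

# Constructed certificate subjects, both signed by the trusted CA.
USER_CERT = {"commonName": "Bob Example", "x500UniqueIdentifier": "bob"}
WEB_CERT = {"commonName": "www.example.org"}  # lacks the username field


def cert_username(subject: dict, field: str) -> Optional[str]:
    """Value of the configured username field, or None when it is absent."""
    value = subject.get(field)
    return value if value else None


def login_before_update(subject: dict, field: str, login_user: str) -> str:
    # Flawed behaviour from the bulletin: when the trusted certificate has
    # no username field, the name sent by the client (LOGIN command) is
    # used, and nothing ties that name to the certificate.
    return cert_username(subject, field) or login_user


def login_after_update(subject: dict, field: str, login_user: str) -> Optional[str]:
    # Assumed fixed behaviour: the client-supplied name is never used as a
    # fallback; a certificate without the field fails authentication (None).
    name = cert_username(subject, field)
    if name is None:
        return None
    return name


def certs_missing_field(subjects: list, field: str) -> list:
    """Defensive audit: trusted certificate subjects that lack the field."""
    return [s for s in subjects if cert_username(s, field) is None]


if __name__ == "__main__":
    print("before:", login_before_update(WEB_CERT, USERNAME_FIELD, "alice"))
    print("after: ", login_after_update(WEB_CERT, USERNAME_FIELD, "alice"))
    print("audit: ", certs_missing_field([USER_CERT, WEB_CERT], USERNAME_FIELD))
```

The audit helper shows the defensive check: any certificate issued by the trusted CA that lacks the configured field is one that could be presented this way on an unpatched server.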

Remediation

Install the update from the vendor's website.