#VU17374 Authentication bypass in Dovecot


Published: 2019-02-05

Vulnerability identifier: #VU17374

Vulnerability risk: Medium

CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-3814

CWE-ID: CWE-592

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Dovecot
Server applications / Mail servers

Vendor: Dovecot

Description
The vulnerability allows a remote authenticated attacker to bypass authentication.

The weakness exists due to taking of the username from the user provided authentication fields (e.g. LOGIN command). A remote attacker with access to a valid trusted certificate without the ssl_cert_username_field in it can bypass password verification if the provided trusted SSL certificate is missing the username field and login as anyone else in the system

Mitigation
The vulnerability has been addressed in the versions 2.2.36.1, 2.3.4.1.

Vulnerable software versions

Dovecot: 1.1.0 - 2.3.4

External links
http://www.dovecot.org/list/dovecot/2019-February/114575.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Amazon Linux AMI update for dovecot
Red Hat Enterprise Linux 7 update for dovecot
Red Hat update for dovecot
OpenSUSE Linux update for dovecot22
Gentoo update for Dovecot
OpenSUSE Linux update for dovecot23
Debian update for dovecot
Arch Linux update for dovecot
Authentication bypass in Dovecot
Authentication bypass in dovecot (Alpine package)