ID de Prueba:	1.3.6.1.4.1.25623.1.0.112510
Categoría:	Privilege escalation
Título:	Dovecot 1.1.0 - 2.2.36 and 2.3.0 - 2.3.4 Authentication Bypass Vulnerability
Resumen:	Dovecot is prone to an authentication bypass vulnerability.
Descripción:	Summary: Dovecot is prone to an authentication bypass vulnerability. Vulnerability Insight: If the provided trusted SSL certificate is missing the username field, Dovecot should be failing the authentication. However, the earlier versions will take the username from the user provided authentication fields (e.g. LOGIN command). Vulnerability Impact: If there is no additional password verification, this allows the attacker to login as anyone else in the system. Affected Software/OS: Dovecot versions 1.1.0 through 2.2.36 and 2.3.0 through 2.3.4. Solution: Update to version 2.2.36.1 or 2.3.4.1 respectively. CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-3814 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/ https://security.gentoo.org/glsa/201904-19 https://www.dovecot.org/list/dovecot/2019-February/114575.html RedHat Security Advisories: RHSA-2019:3467 https://access.redhat.com/errata/RHSA-2019:3467 SuSE Security Announcement: openSUSE-SU-2019:1220 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.