First published: Fri Jan 04 2008(Updated: )
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dovecot Dovecot | <=1.0.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.