First published: Wed Mar 09 2022
Maddy Mail Server is an open source, SMTP-compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Maddy Project Maddy | >=0.5.0, <0.5.4 | |
CVE-2022-24732 is a vulnerability in the Maddy Mail Server that allows authentication without password or account expiry checking when using PAM.
CVE-2022-24732 has a severity rating of high (8.8).
To fix CVE-2022-24732, users are advised to upgrade their Maddy Mail Server to version 0.5.4 or higher.
If you are unable to upgrade Maddy Mail Server to version 0.5.4, you should manually remove expired accounts via existing filtering mechanisms.
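As an added example (not code from Maddy or from the advisory), the following Python sketch lists accounts whose shadow(5) expiry fields mark them as expired; these are the accounts the workaround above asks you to remove. It assumes accounts live in a shadow-format file and simplifies the field rules (the inactivity period is ignored); the sample lines and the function names `classify` and `audit` are constructed for illustration.

```python
from datetime import date

# Constructed /etc/shadow-style lines; password hashes replaced by a placeholder.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
alice:$6$placeholder:19000:0:99999:7:::
bob:$6$placeholder:18000:0:90:7:30::
carol:$6$placeholder:19000:0:99999:7::19050:
dave:$6$placeholder:0:0:99999:7:::
"""

EPOCH = date(1970, 1, 1)


def _num(field):
    """Numeric shadow field; an empty value (or -1) means 'not set'."""
    return int(field) if field not in ("", "-1") else None


def classify(line, today_days):
    """Return (user, status) for one shadow line; today_days is days since 1970-01-01."""
    fields = line.strip().split(":")
    if len(fields) < 8:
        raise ValueError("not a shadow(5) line: %r" % line)
    user = fields[0]
    lastchg, maxage, expire = _num(fields[2]), _num(fields[4]), _num(fields[7])
    # Account expiry date reached: the account as a whole is no longer valid.
    if expire is not None and today_days >= expire:
        return user, "account_expired"
    # lastchg == 0 means the password must be changed at next login.
    if lastchg == 0:
        return user, "password_change_required"
    # Password older than its maximum age.
    if lastchg is not None and maxage is not None and today_days - lastchg > maxage:
        return user, "password_expired"
    return user, "ok"


def audit(shadow_text, today=None):
    """Map each non-'ok' user to its status, evaluated for the given date."""
    today_days = ((today or date.today()) - EPOCH).days
    results = (classify(l, today_days) for l in shadow_text.splitlines() if l.strip())
    return {user: status for user, status in results if status != "ok"}


if __name__ == "__main__":
    for user, status in sorted(audit(SAMPLE_SHADOW, date(2022, 3, 9)).items()):
        print(user, status)
```

On a real host, pass the contents of the shadow file (read with sufficient privileges) to `audit`; accounts backed by other PAM modules need their own expiry source.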
You can find more information about CVE-2022-24732 in the GitHub commit (https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583) and the GitHub security advisory (https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9).