CVE-2023-27582
First published: Mon Mar 13 2023(Updated: )
maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Maddy Project Maddy | >=0.2.0<0.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-27582?
The severity of CVE-2023-27582 is critical with a severity value of 9.8.
What is CVE-2023-27582?
CVE-2023-27582 is a vulnerability in the maddy mail server that allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms.
How can I fix CVE-2023-27582?
You can fix CVE-2023-27582 by updating maddy to version 0.6.3 or later.
Where can I find more information about CVE-2023-27582?
You can find more information about CVE-2023-27582 on the GitHub page of maddy, including the commits and release tag that address the vulnerability.
What is the Common Weakness Enumeration (CWE) associated with CVE-2023-27582?
The Common Weakness Enumeration (CWE) associated with CVE-2023-27582 are CWE-287 and CWE-305.
- collector/nvd-index
- vendor/maddy project
- canonical/maddy project maddy
- version/maddy project maddy/0.2.0