• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Dovecot Authentication Cache Security Bypass Vulnerability

Dovecot is prone to a security-bypass vulnerability.

An attacker may exploit this condition to bypass certain security restrictions and obtain potentially sensitive data; other attacks are also possible.

Please note that default configurations of Dovecot are not affected by this issue. The chances of attack are further reduced because Dovecot must be configured in a specific way, making exploits highly circumstantial.

Versions higher than Dovecot 1.0.rc11 and prior to Dovecot 1.0.10 are vulnerable to this issue.