Dovecot 'Tab' Character Password Check Security Bypass Vulnerability

Dovecot is prone to a security-bypass vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker may exploit this issue to gain unauthorized access the affected application. Successful exploits will compromise the application.

Versions prior to Dovecot 1.0.13 and 1.1.rc3 are vulnerable. The vendor states that this issue affects only password databases that have blocking enabled.

NOTE: Reports indicate that this issue can be exploited only on versions after Dovecot 1.0.10, which introduced the 'skip_password_check' field.


Privacy Statement
Copyright 2010, SecurityFocus