Vulnerability CVE-2019-3814
Published: 2019-03-27

Description:
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

Type:

CWE-295

 (Certificate Issues)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
4.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Opensuse -> LEAP 
Dovecot -> Dovecot 
Canonical -> Ubuntu linux 

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/
https://security.gentoo.org/glsa/201904-19
https://www.dovecot.org/list/dovecot/2019-February/114575.html
Copyright 2024, cxsecurity.com

 

Back to Top