Back to search
CVE-2008-1218
Published: Mar 10, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-200803-25
vendor-advisory
x_refsource_GENTOO
29295
third-party-advisory
x_refsource_SECUNIA
dovecot-tab-authentication-bypass(41085)
vdb-entry
x_refsource_XF
5257
exploit
x_refsource_EXPLOIT-DB
29557
third-party-advisory
x_refsource_SECUNIA
DSA-1516
vendor-advisory
x_refsource_DEBIAN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108
x_refsource_MISC
USN-593-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2008-2475
vendor-advisory
x_refsource_FEDORA
29364
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:020
vendor-advisory
x_refsource_SUSE
https://issues.rpath.com/browse/RPL-2341
x_refsource_CONFIRM
[Dovecot-news] 20080309 Security hole #6: Some passdbs allowed users to log in without a valid password
mailing-list
x_refsource_MLIST
[Dovecot-news] 20080309 v1.0.13 and v1.1.rc3 released
mailing-list
x_refsource_MLIST
29226
third-party-advisory
x_refsource_SECUNIA
20080312 rPSA-2008-0108-1 dovecot
mailing-list
x_refsource_BUGTRAQ
32151
third-party-advisory
x_refsource_SECUNIA
29385
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-2464
vendor-advisory
x_refsource_FEDORA
28181
vdb-entry
x_refsource_BID
29396
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now