Lucene search
HistoryDec 09, 2013 - 4:36 p.m.
CVE-2013-6171
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
56.4%
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
Affected configurations
Node
dovecotdovecotRange≤2.2.6
ORdovecotdovecotMatch2.0beta1
ORdovecotdovecotMatch2.0.0
ORdovecotdovecotMatch2.0.1
ORdovecotdovecotMatch2.0.2
ORdovecotdovecotMatch2.0.3
ORdovecotdovecotMatch2.0.4
ORdovecotdovecotMatch2.0.5
ORdovecotdovecotMatch2.0.6
ORdovecotdovecotMatch2.0.7
ORdovecotdovecotMatch2.0.8
ORdovecotdovecotMatch2.0.9
ORdovecotdovecotMatch2.0.10
ORdovecotdovecotMatch2.0.11
ORdovecotdovecotMatch2.0.12
ORdovecotdovecotMatch2.0.13
ORdovecotdovecotMatch2.0.14
ORdovecotdovecotMatch2.0.15
ORdovecotdovecotMatch2.1rc1
ORdovecotdovecotMatch2.1rc2
ORdovecotdovecotMatch2.1rc3
ORdovecotdovecotMatch2.1rc5
ORdovecotdovecotMatch2.1rc6
ORdovecotdovecotMatch2.1rc7
ORdovecotdovecotMatch2.1.0
ORdovecotdovecotMatch2.1.1
ORdovecotdovecotMatch2.1.2
ORdovecotdovecotMatch2.1.3
ORdovecotdovecotMatch2.1.4
ORdovecotdovecotMatch2.1.5
ORdovecotdovecotMatch2.1.6
ORdovecotdovecotMatch2.1.7
ORdovecotdovecotMatch2.1.10
ORdovecotdovecotMatch2.1.11
ORdovecotdovecotMatch2.1.12
ORdovecotdovecotMatch2.1.13
ORdovecotdovecotMatch2.1.14
ORdovecotdovecotMatch2.1.15
ORdovecotdovecotMatch2.2rc1
ORdovecotdovecotMatch2.2rc2
ORdovecotdovecotMatch2.2rc3
ORdovecotdovecotMatch2.2rc4
ORdovecotdovecotMatch2.2rc5
ORdovecotdovecotMatch2.2rc6
ORdovecotdovecotMatch2.2rc7
ORdovecotdovecotMatch2.2.0
ORdovecotdovecotMatch2.2.1
ORdovecotdovecotMatch2.2.2
ORdovecotdovecotMatch2.2.3
ORdovecotdovecotMatch2.2.4
ORdovecotdovecotMatch2.2.5
Related
openvas
openvas
Dovecot < 2.2.7 Authentication Bypass Vulnerability
2019-12-18 00:00:00
Ubuntu: Security Advisory (USN-3556-2)
2022-08-26 00:00:00
debiancve
debiancve
CVE-2013-6171
2013-12-09 16:36:47
cve
cve
CVE-2013-6171
2013-12-09 16:36:47
ubuntucve
ubuntucve
CVE-2013-6171
2013-12-09 00:00:00
cvelist
cvelist
CVE-2013-6171
2013-12-09 11:00:00
prion
prion
Authentication flaw
2013-12-09 16:36:00
ubuntu
ubuntu
Dovecot vulnerabilities
2018-02-01 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
56.4%
Related for NVD:CVE-2013-6171