Lucene search
GoogleOSV:CVE-2019-3814HistoryMar 27, 2019 - 1:29 p.m.
CVE-2019-3814
2019-03-2713:29:01
Google
osv.dev
10
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
References
lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html
access.redhat.com/errata/RHSA-2019:3467
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/
security.gentoo.org/glsa/201904-19
www.dovecot.org/list/dovecot/2019-February/114575.html
Related
nessus
nessus
RHEL 8 : dovecot (RHSA-2019:3467)
2019-11-06 00:00:00
FreeBSD : mail/dovecot -- Suitable client certificate can be used to login as other user (1340fcc1-2953-11e9-bc44-a4badb296695)
2019-02-06 00:00:00
Debian DSA-4385-1 : dovecot - security update
2019-02-06 00:00:00
ubuntu
ubuntu
Dovecot vulnerability
2019-02-05 00:00:00
Dovecot vulnerability
2019-02-05 00:00:00
prion
prion
Code injection
2019-03-27 13:29:00
nvd
nvd
CVE-2019-3814
2019-03-27 13:29:01
openvas
openvas
openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2019:0243-1)
2019-02-26 00:00:00
Mageia: Security Advisory (MGASA-2019-0072)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4385-1)
2019-02-04 00:00:00
ubuntucve
ubuntucve
CVE-2019-3814
2019-02-05 00:00:00
redhatcve
redhatcve
CVE-2019-3814
2019-02-07 13:49:38
debian
debian
[SECURITY] [DSA 4385-1] dovecot security update
2019-02-05 16:34:36
[SECURITY] [DLA 1667-1] dovecot security update
2019-02-07 17:14:15
[SECURITY] [DSA 4385-1] dovecot security update
2019-02-05 16:34:36
freebsd
freebsd
cve
cve
CVE-2019-3814
2019-03-27 13:29:01
archlinux
archlinux
[ASA-201902-1] dovecot: authentication bypass
2019-02-06 00:00:00
alpinelinux
alpinelinux
CVE-2019-3814
2019-03-27 13:29:01
mageia
mageia
Updated dovecot packages fix security vulnerability
2019-02-13 14:08:25
redhat
redhat
(RHSA-2019:3467) Moderate: dovecot security and bug fix update
2019-11-05 17:48:59
(RHSA-2020:1062) Moderate: dovecot security and bug fix update
2020-03-31 09:14:07
veracode
veracode
Improper Certificate Validation
2019-11-06 00:20:57
osv
osv
dovecot - security update
2019-02-07 00:00:00
dovecot - security update
2019-02-05 00:00:00
suse
suse
Security update for dovecot23 (moderate)
2019-02-26 00:00:00
Security update for dovecot22 (important)
2019-04-17 00:00:00
debiancve
debiancve
CVE-2019-3814
2019-03-27 13:29:01
hackerone
hackerone
Open-Xchange: Username restriction bypass with SSL client authentication
2019-01-16 12:58:11
cvelist
cvelist
CVE-2019-3814
2019-03-27 12:20:45
amazon
amazon
Medium: dovecot
2020-05-08 19:50:00
Medium: dovecot
2020-08-18 19:26:00
centos
centos
dovecot security update
2020-04-08 17:53:35
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2019-04-17 00:00:00
oraclelinux
oraclelinux
dovecot security and bug fix update
2019-11-14 00:00:00
dovecot security and bug fix update
2020-04-06 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: dovecot-2.3.6-3.fc30
2019-06-14 00:55:11
[SECURITY] Fedora 29 Update: dovecot-2.3.6-3.fc29
2019-07-12 06:17:31