Authentication Bypass

2020-04-1001:06:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.02 Low

EPSS

Percentile

88.9%

JSON

cyrus-imapd is vulnerable to authentication bypass. The vulnerability is allows a remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials.

CPENameOperatorVersion
cyrus-imapdeq2.2.12__10.el4_8.4
cyrus-imapdeq2.2.12__10.el4_8.1
cyrus-imapdeq2.2.12__15.el4
cyrus-imapdeq2.3.7__2.el5
cyrus-imapdeq2.3.7__7.el5_6.4
cyrus-imapdeq2.3.7__2.el5_3.2
cyrus-imapdeq2.2.12__16.el4
cyrus-imapdeq2.3.7__7.el5_4.3
cyrus-imapdeq2.3.7__1.1.el5
cyrus-imapdeq2.3.7__7.el5

Name	Operator	Version
cyrus-imapd	eq	2.2.12__10.el4_8.4
cyrus-imapd	eq	2.2.12__10.el4_8.1
cyrus-imapd	eq	2.2.12__15.el4
cyrus-imapd	eq	2.3.7__2.el5
cyrus-imapd	eq	2.3.7__7.el5_6.4
cyrus-imapd	eq	2.3.7__2.el5_3.2
cyrus-imapd	eq	2.2.12__16.el4
cyrus-imapd	eq	2.3.7__7.el5_4.3
cyrus-imapd	eq	2.3.7__1.1.el5
cyrus-imapd	eq	2.3.7__7.el5