6.8

CVE-2008-1218

EPSS 18.73%
Published 10.03.2008 23:44:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.

Affected products Warnungen 0 Metrics 2 CWE 0 References 24

Data is provided by the National Vulnerability Database (NVD)

Dovecot ≫ Dovecot Version <= 1.0.12

Dovecot ≫ Dovecot Updaterc2 Version <= 1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.73%	0.949

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html

http://secunia.com/advisories/32151

http://secunia.com/advisories/29226

http://secunia.com/advisories/29385

http://secunia.com/advisories/29396

http://secunia.com/advisories/29557

http://security.gentoo.org/glsa/glsa-200803-25.xml

http://www.debian.org/security/2008/dsa-1516

https://usn.ubuntu.com/593-1/

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html

http://secunia.com/advisories/29295

http://secunia.com/advisories/29364

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108

http://www.dovecot.org/list/dovecot-news/2008-March/000064.html

http://www.dovecot.org/list/dovecot-news/2008-March/000065.html

http://www.securityfocus.com/archive/1/489481/100/0/threaded

http://www.securityfocus.com/bid/28181

https://exchange.xforce.ibmcloud.com/vulnerabilities/41085

https://issues.rpath.com/browse/RPL-2341

https://www.exploit-db.com/exploits/5257

https://nvd.nist.gov/vuln/detail/CVE-2008-1218

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1218

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1218

EUVD