6.8

CVE-2008-1218

EPSS 18.73%
Veröffentlicht 10.03.2008 23:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 24

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dovecot ≫ Dovecot Version <= 1.0.12

Dovecot ≫ Dovecot Updaterc2 Version <= 1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	18.73%	0.949

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html

http://secunia.com/advisories/32151

http://secunia.com/advisories/29226

http://secunia.com/advisories/29385

http://secunia.com/advisories/29396

http://secunia.com/advisories/29557

http://security.gentoo.org/glsa/glsa-200803-25.xml

http://www.debian.org/security/2008/dsa-1516

https://usn.ubuntu.com/593-1/

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html

http://secunia.com/advisories/29295

http://secunia.com/advisories/29364

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108

http://www.dovecot.org/list/dovecot-news/2008-March/000064.html

http://www.dovecot.org/list/dovecot-news/2008-March/000065.html

http://www.securityfocus.com/archive/1/489481/100/0/threaded

http://www.securityfocus.com/bid/28181

https://exchange.xforce.ibmcloud.com/vulnerabilities/41085

https://issues.rpath.com/browse/RPL-2341

https://www.exploit-db.com/exploits/5257

https://nvd.nist.gov/vuln/detail/CVE-2008-1218

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1218

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1218

EUVD