Lucene search

K

GoogleOSV:GHSA-4G76-W3XW-2X6W

HistoryMar 14, 2023 - 6:03 p.m.

Full authentication bypass if SASL authorization username is specified

2023-03-1418:03:22

Google

osv.dev

5

maddy

authentication bypass

sasl authorization

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.4%

Impact

maddy 0.2.0 - 0.6.2 allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified authorization username, it is accepted as is after checking the credentials for the authentication username.

Patches

maddy 0.6.3 includes the fix for the bug.

Workarounds

There is no way to fix the issue without upgrading.

References

Commit that introduced the vulnerable code: https://github.com/foxcpp/maddy/commit/55a91a37b71210f34f98f4d327c30308fe24399a
Fix: https://github.com/foxcpp/maddy/commit/9f58cb64b39cdc01928ec463bdb198c4c2313a9c

References

github.com/foxcpp/maddy

github.com/foxcpp/maddy/commit/55a91a37b71210f34f98f4d327c30308fe24399a

github.com/foxcpp/maddy/commit/9f58cb64b39cdc01928ec463bdb198c4c2313a9c

github.com/foxcpp/maddy/releases/tag/v0.6.3

github.com/foxcpp/maddy/security/advisories/GHSA-4g76-w3xw-2x6w

nvd.nist.gov/vuln/detail/CVE-2023-27582

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.4%

Related for OSV:GHSA-4G76-W3XW-2X6W

veracode1 osv2 cvelist1 cve1 github1 prion1 nvd1