27 matches found
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
AZL-69835 CVE-2025-30189 affecting package dovecot 2.3.20-1
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
UBUNTU-CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
CVE-2025-30189
CVE-2025-30189 affects Open-Xchange OX Dovecot Pro (and dovecot-based components) where enabling authentication caching causes incorrect caching: multiple users sharing the same cache key leads to the cached entry being reused for subsequent logins. The issue is described in multiple advisories (...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
SUSE CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
F5 Big-IP Create Administrative User
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'F5 Big-IP Create Admin User', 'Description' = %q This creates a local user with a username/password and root-level privileges...
Security update for dovecot23 (moderate)
openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:1225-1 Rating: moderate References: 1187418 1187419 1187420 SLE-19970 Cross-References: CVE-2020-28200 CVE-2021-29157 CVSS scores: CVE-2020-28200 NVD : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L...
DEBIAN-CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
Authentication flaw
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
UBUNTU-CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
cics-user-enum NSE Script
CICS User ID enumeration script for the CESL/CESN Login screen. Script Arguments cics-user-enum.commands Commands in a semi-colon separated list needed to access CICS. Defaults to CICS. idlist Path to list of transaction IDs. Defaults to the list of CICS transactions from IBM...
ipmi-brute NSE Script
Performs brute force password auditing against IPMI RPC server. Script Arguments brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass See the documentation for the brute...
i-SDN Manager /data/config/userdb information leak vulnerability
No description provided by source...
USN-2935-2 pam regression
USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PAM pamuserdb module incorrectly us...
ssh-brute NSE Script
Performs brute-force password guessing against ssh servers. Script Arguments ssh-brute.timeout Connection timeout default: "5s" brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique,...
DEBIAN-CVE-2013-7041
The pamuserdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack...