FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dovecot -- security hole in blocking passdbs

Affected packages
dovecot < 1.0.13


VuXML ID b39bdc06-ee42-11dc-8678-00a0cce0781e
Discovery 2008-03-09
Entry 2008-03-10

Dovecot reports:

Security hole in blocking passdbs (MySQL always. PAM, passwd and shadow if blocking=yes) where user could specify extra fields in the password. The main problem here is when specifying "skip_password_check" introduced in v1.0.11 for fixing master user logins, allowing the user to log in as anyone without a valid password.