Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1218 — Argument Injection in Dovecot

CWE-2559 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

18.7%

top 4.70%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dovecot Debian Dovecot

Timeline

PublishedMar 10

Latest updateMay 1

Description

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/dovecot< dovecot 1:1.0.13-1 (bookworm)

▶Debiandovecot/dovecot< 1:1.0.13-1+3

▶NVDdovecot/dovecot1.0.12+1

🔴Vulnerability Details

GHSA

GHSA-g2xp-pqfg-wfq9: Argument injection vulnerability in Dovecot 1↗2022-05-01

▶

OSV

CVE-2008-1218: Argument injection vulnerability in Dovecot 1↗2008-03-10

▶

💥Exploits & PoCs

Exploit-DB

PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities↗2008-04-29

▶

Exploit-DB

Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure↗2008-03-14

▶

📋Vendor Advisories

Ubuntu

Dovecot vulnerabilities↗2008-03-26

▶

Red Hat

dovecot: unauthorized login↗2008-03-09

▶

Debian

CVE-2008-1218: dovecot - Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x befor...↗2008

▶

💬Community

Bugzilla

CVE-2008-1218 dovecot: unauthorized login↗2008-03-11

▶