CVE-2019-3814
dovecot: Improper certificate validation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
Se ha descubierto que Dovecot, en versiones anteriores a la 2.2.36.1 y 2.3.4.1, gestiona de manera incorrecta los certificados del cliente. Un atacante remoto en posesión de un certificado válido con un campo "username" vacío podría emplear este problema para suplantar a otros usuarios.
It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2019-02-05 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814 | Issue Tracking |
URL | Date | SRC |
---|---|---|
https://www.dovecot.org/list/dovecot/2019-February/114575.html | 2024-08-04 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dovecot Search vendor "Dovecot" | Dovecot Search vendor "Dovecot" for product "Dovecot" | >= 1.1.0 < 2.2.36.1 Search vendor "Dovecot" for product "Dovecot" and version " >= 1.1.0 < 2.2.36.1" | - |
Affected
| ||||||
Dovecot Search vendor "Dovecot" | Dovecot Search vendor "Dovecot" for product "Dovecot" | >= 2.3.0 < 2.3.4.1 Search vendor "Dovecot" for product "Dovecot" and version " >= 2.3.0 < 2.3.4.1" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.3 Search vendor "Opensuse" for product "Leap" and version "42.3" | - |
Affected
|