CVE-2019-3814

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in…

redhat·CWE-295·Published 2019-03-27

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

250 chars

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

NVDen

250 chars

NVDes

287 chars

Se ha descubierto que Dovecot, en versiones anteriores a la 2.2.36.1 y 2.3.4.1, gestiona de manera incorrecta los certificados del cliente. Un atacante remoto en posesión de un certificado válido con un campo "username" vacío podría emplear este problema para suplantar a otros usuarios.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:P/A:N
3.0	Primary	cve.org	7.7	—	—	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N