Foxcpp

**Name of the Vulnerable Software and Affected Versions** maddy versions 0.2.0 through 0.6.2 **Description** The issue allows for a full authentication bypass if a SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. **Recommendations** For versions 0.2.0 through 0.6.2, upgrade to version 0.6.3 to resolve the issue. As a temporary workaround, consider disabling the use of the PLAIN authentication mechanisms until a patch is available. Restrict access to the SASL authorization username to minimize the risk of exploitation.