PT-2019-11645 · Mailstore · Mailstore Server, Mailstore Server Service Provider Edition

Published: 2019-12-31 · Updated: 2020-08-24 · CVE-2019-10229

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MailStore Server versions 9.x through 11.x before 11.2.2; MailStore Server Service Provider Edition versions 9.x through 11.x before 11.2.2.
Description: An issue allows an attacker to log in as an existing user with an arbitrary password on the second login attempt when the directory service is set to Generic LDAP.
Recommendations: For MailStore Server versions 9.x through 11.x before 11.2.2, update to version 11.2.2 or later. For MailStore Server Service Provider Edition versions 9.x through 11.x before 11.2.2, update to version 11.2.2 or later. As a temporary workaround, consider restricting access to the Generic LDAP directory service until a patch is available.

Fix

Insufficient Session Expiration


Weakness Enumeration

Related identifiers

CVE-2019-10229

Affected products

Mailstore Server
Mailstore Server Service Provider Edition