Postfix · Postfix · CVE-2004-0925
Name of the Vulnerable Software and Affected Versions:
Postfix versions 10.3.x through 10.3.5
Description:
The issue is related to the improper clearing of the username between authentication attempts when SMTPD AUTH is enabled. This allows users with the longest username to prevent other valid users from authenticating.
Recommendations:
For versions 10.3.x through 10.3.5, consider disabling SMTPD AUTH as a temporary workaround until a patch is available. Restrict access to the authentication module to minimize the risk of exploitation. Avoid using the `username` variable in the affected authentication endpoint until the issue is resolved.