Patrick Cheong Shu Yang

**Name of the Vulnerable Software and Affected Versions** courier-authdaemon versions 0.37.3 through 0.52.1 **Description** The issue is related to the authentication process in courier-authdaemon. When using pam tally, the `pam acct mgmt` function is not called to verify if access should be granted. This allows attackers to authenticate to the server using accounts that have been disabled. **Recommendations** For versions 0.37.3 through 0.52.1, update to a version that includes the fix for this issue, ensuring that the `pam acct mgmt` function is properly called to verify account status before granting access.