PT-2011-4412 · Cyrus+1 · Cyrus Imap+1

Published

2011-12-01

Updated

2024-06-15

CVE-2011-3372

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cyrus IMAPd versions 2.4.x through 2.4.11

Description The issue allows remote attackers to bypass authentication in the NNTP server (nntpd) by sending an AUTHINFO USER command without an additional AUTHINFO PASS command.

Recommendations For Cyrus IMAPd versions 2.4.x through 2.4.11, update to version 2.4.12 or later to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2011-3372

DSA-2318-1

OPENSUSE-SU-2024:10015-1

RHSA-2011:1508

RHSA-2011_1508

Affected Products

Cyrus Imap

Red Hat

PT-2011-4412 · Cyrus+1 · Cyrus Imap+1

CVE-2011-3372

Weakness Enumeration

Related Identifiers

Affected Products

References · 19