CVE-2021-28374

Name of the Vulnerable Software and Affected Versions: courier-authlib versions prior to 0.71.1-2

Description: The Debian courier-authlib package creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations, as well as the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information, such as a hash.

Recommendations: For versions prior to 0.71.1-2, update to version 0.71.1-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the /run/courier/authdaemon directory to minimize the risk of exploitation.