CVE-2021-28374

The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash).
References
Link Resource
https://bugs.debian.org/984810 Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/04/msg00011.html Mailing List Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:debian:courier-authlib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2021-03-14 22:15

Updated : 2021-05-17 09:59


NVD link : CVE-2021-28374

Mitre link : CVE-2021-28374


JSON object : View

CWE
CWE-312

Cleartext Storage of Sensitive Information

Advertisement

dedicated server usa

Products Affected

debian

  • courier-authlib
  • debian_linux