Open-Xchange OX Dovecot Invalid Base64 SASL Data Authentication Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in Open-Xchange OX Dovecot Pro and Community Edition versions 2.4.0, 2.4.1, 2.4.3 and 3.1.0, as well as OX Dovecot Pro versions 3.1.0, 3.1.2, 3.1.3 and 3.1.4. When a client sends invalid base64-encoded SASL data during the login exchange, the login process's connection to the authentication server is disrupted. That connection is shared by every authentication exchange the login process currently has in flight, so all of them fail, not only the one belonging to the client that sent the malformed data. No credentials are needed to trigger this, because the malformed data is sent before authentication completes; repeating it breaks concurrent logins on the affected server and produces a denial-of-service condition.
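The shared-link failure mode described above, as an added model that is not Dovecot or OX code: a login process multiplexes several clients' SASL PLAIN exchanges over one link to an auth server. In the mode that mirrors the advisory, one client's invalid base64 tears the link down and every pending exchange fails with it; in the hardened mode the malformed response is rejected for that client only. All names, the credential table and the client identifiers are constructed for the example.

```python
import base64
import binascii
from dataclasses import dataclass, field


@dataclass
class AuthServer:
    """Stand-in for the auth process; holds a constructed credential table."""
    users: dict

    def check_plain(self, payload: bytes) -> bool:
        # SASL PLAIN payload layout: [authzid] NUL authcid NUL password
        parts = payload.split(b"\x00")
        if len(parts) != 3:
            return False
        _authzid, authcid, password = parts
        expected = self.users.get(authcid.decode("utf-8", "replace"))
        return expected == password.decode("utf-8", "replace")


@dataclass
class LoginProcess:
    """One login process; all of its clients share a single auth-server link."""
    auth: AuthServer
    isolate: bool                      # True: reject bad base64 per client
    link_up: bool = True
    pending: set = field(default_factory=set)
    results: dict = field(default_factory=dict)

    def begin(self, client: str) -> None:
        # client issued AUTHENTICATE PLAIN and received the "+" continuation
        self.pending.add(client)

    def _finish(self, client: str, result: str) -> None:
        self.pending.discard(client)
        self.results[client] = result

    def respond(self, client: str, line: bytes) -> str:
        if not self.link_up:
            self._finish(client, "NO (auth link down)")
            return self.results[client]
        try:
            payload = base64.b64decode(line, validate=True)
        except binascii.Error:
            if self.isolate:
                # hardened: only the offending client's attempt fails
                self._finish(client, "BAD (invalid base64)")
                return self.results[client]
            # failure mode from the advisory: the shared link goes down and
            # every exchange in flight on this login process fails with it
            self.link_up = False
            for other in list(self.pending):
                self._finish(other, "NO (auth link down)")
            return self.results[client]
        ok = self.auth.check_plain(payload)
        self._finish(client, "OK" if ok else "NO (bad credentials)")
        return self.results[client]


def run_scenario(isolate: bool) -> dict:
    """Three concurrent logins; the middle one sends data that is not base64."""
    auth = AuthServer(users={"alice": "s3cret", "bob": "hunter2"})   # constructed
    lp = LoginProcess(auth=auth, isolate=isolate)
    for client in ("alice-conn", "mallory-conn", "bob-conn"):
        lp.begin(client)
    lp.respond("mallory-conn", b"this is not base64!")
    lp.respond("alice-conn", base64.b64encode(b"\x00alice\x00s3cret"))
    lp.respond("bob-conn", base64.b64encode(b"\x00bob\x00hunter2"))
    return dict(lp.results)


if __name__ == "__main__":
    print("shared-link failure:", run_scenario(isolate=False))
    print("per-client rejection:", run_scenario(isolate=True))
```

The point of the model is the blast radius: in the first scenario alice and bob fail even though their responses are well formed, which is exactly why a single unauthenticated client can deny logins to everyone sharing that login process.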
Impact
Exploitation disrupts the login process's link to the authentication server: every authentication session active on that link fails, and concurrent logins on the server are broken. Because the trigger is sent before authentication completes, no valid account is required, and repeating the malformed input keeps logins failing.
Remediation
Upgrade to OX Dovecot Pro 3.1.2 or 3.1.4, or to OX Dovecot CE 2.4.1 or 2.4.3. As a workaround, logins can be processed sequentially instead of concurrently, so that a malformed SASL exchange affects only the connection that sent it; this may significantly reduce login throughput in large deployments.
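A check for the workaround, added here and not part of the advisory: it assumes that "sequential" logins correspond to Dovecot's per-connection login mode, in which each `*-login` service runs with `service_count = 1` (one client per login process, hence one auth link per client), whereas `service_count = 0` lets one login process serve many connections over one shared link. The parser below reads `doveconf -n`-style output (a constructed sample is embedded) and reports login services not running one connection per process. Since `doveconf -n` omits settings left at their defaults, a login service with no explicit `service_count` is assumed to be at the default of 1; verify that assumption against `doveconf -a` on your own build.

```python
import re

# doveconf -n only prints non-default values; this is the assumed default
# for login services (check `doveconf -a` on the deployed version).
DEFAULT_LOGIN_SERVICE_COUNT = 1

SETTING_RE = re.compile(r"^(\w+)\s*=\s*(.*?)\s*$")
BLOCK_OPEN_RE = re.compile(r"^(\S+)(?:\s+(\S+))?\s*\{$")

# Constructed sample in the shape of `doveconf -n` output; the hash and
# paths are placeholders, not taken from any real system.
DOVECONF_N_SAMPLE = """\
# 2.4.0 (0000000000): /etc/dovecot/dovecot.conf
protocols = imap pop3
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 0
  process_min_avail = 4
}
service pop3-login {
  inet_listener pop3s {
    port = 995
  }
}
service auth {
  unix_listener auth-userdb {
    mode = 0666
  }
}
"""


def login_service_counts(doveconf_text: str) -> dict:
    """Map each `*-login` service to its effective service_count."""
    counts = {}
    stack = []  # (block type, block name) for each enclosing block
    for raw in doveconf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = BLOCK_OPEN_RE.match(line)
        if opened:
            kind, name = opened.group(1), opened.group(2)
            stack.append((kind, name))
            if kind == "service" and name and name.endswith("-login"):
                counts.setdefault(name, DEFAULT_LOGIN_SERVICE_COUNT)
            continue
        if line == "}":
            stack.pop()
            continue
        setting = SETTING_RE.match(line)
        # only settings directly inside `service X-login { ... }` count;
        # nested listener blocks are skipped
        if setting and len(stack) == 1 and stack[0][0] == "service":
            name = stack[0][1]
            if name.endswith("-login") and setting.group(1) == "service_count":
                counts[name] = int(setting.group(2))
    return counts


def shared_link_login_services(doveconf_text: str) -> list:
    """Login services whose processes serve more than one connection."""
    counts = login_service_counts(doveconf_text)
    return sorted(name for name, n in counts.items() if n != 1)


if __name__ == "__main__":
    print("service_count per login service:", login_service_counts(DOVECONF_N_SAMPLE))
    print("not in per-connection mode:", shared_link_login_services(DOVECONF_N_SAMPLE))
```

Run it against `doveconf -n` output from the server (for example by piping it into the script instead of the embedded sample); any service it lists shares an auth link between clients, which is the configuration the workaround tells you to move away from until the upgrade is applied.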
