Open-Xchange Dovecot SQL Authentication Bypass Vulnerability

Vulnerability

A vulnerability exists in Open-Xchange Dovecot SQL-based authentication that allows authentication to be bypassed and user enumeration to occur. This issue arises when the 'auth_username_chars' parameter is cleared by an administrator. The vulnerability affects multiple versions of Open-Xchange Dovecot Pro and Open-Xchange Dovecot CE.

Impact

Exploiting this vulnerability bypasses authentication for all users and allows for user enumeration.

Remediation

Administrators are advised not to clear the 'auth_username_chars' setting. If it has already been cleared, the latest fixed version should be installed.
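A configuration check for the condition described above, as an added example (not part of the advisory and not Open-Xchange code). It assumes the input is the text printed by `doveconf -n`, and it treats both a `driver = sql` line inside a `passdb` block and a block named `passdb sql` as SQL authentication; the sample configuration is constructed.

```python
import re

SETTING = re.compile(r"^auth_username_chars\s*=\s*(.*)$")
PASSDB_OPEN = re.compile(r"^passdb\b\s*(\w*)\s*\{$")
DRIVER = re.compile(r"^driver\s*=\s*(\w+)$")

# Constructed sample in the style of `doveconf -n` output (not from the advisory).
SAMPLE_CLEARED = """\
auth_mechanisms = plain login
auth_username_chars =
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
"""

def audit(conf_text):
    """Flag a cleared auth_username_chars and the presence of a SQL passdb."""
    cleared = sql_passdb = in_passdb = False
    depth = 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        setting = SETTING.match(line)
        opener = PASSDB_OPEN.match(line)
        if depth == 0 and setting:
            # A later assignment overrides an earlier one, so keep the last value.
            cleared = setting.group(1).strip().strip("\"'") == ""
        elif depth == 0 and opener:
            in_passdb, depth = True, 1
            sql_passdb = sql_passdb or opener.group(1) == "sql"  # assumed named-block form
        elif line.endswith("{"):
            depth += 1
        elif line == "}":
            depth = max(depth - 1, 0)
            in_passdb = in_passdb and depth > 0
        elif in_passdb:
            driver = DRIVER.match(line)
            sql_passdb = sql_passdb or bool(driver and driver.group(1) == "sql")
    return {"cleared": cleared, "sql_passdb": sql_passdb, "at_risk": cleared and sql_passdb}

if __name__ == "__main__":
    print(audit(SAMPLE_CLEARED))
```

A setting that is absent from the dump is reported as not cleared, since only an explicit empty assignment matches the condition the advisory names.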

Added: Mar 27, 2026, 9:22 AM
Updated: Mar 27, 2026, 9:22 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 7.4
remediation: 0.0
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.