OX Dovecot OTP Authentication Replay Attack Vulnerability

Vulnerability

A replay attack vulnerability has been identified in OX Dovecot authentication using One-Time Passwords (OTP). This issue arises under specific conditions: when the authentication cache is enabled and the username is modified in the password database. In such cases, OTP credentials can be cached, allowing the same OTP response to be reused for authentication. An attacker who observes an OTP exchange can exploit this vulnerability to log in as the user. This vulnerability affects OX Dovecot Pro versions 2.3.0, 3.0.2, 3.1.0, and OX Dovecot CE versions 2.4.0, 2.4.1, and 2.4.3.
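The following is an added toy model, not Dovecot code, of why caching OTP results defeats their one-time property: a correct OTP verifier advances its counter on success, but a credential cache keyed on (user, credential) answers the replay before the verifier ever sees it. The HOTP-like counter scheme, the cache key and the `cache_otp_results` switch (which stands in for disabling the authentication cache, as the remediation suggests) are assumptions; the username-rewriting condition mentioned above is not modelled.

```python
import hashlib
import hmac

# Constructed toy model of the flaw described above; it is not Dovecot code.
class OtpVerifier:
    """Counter-based one-time password check (simplified HOTP-like; an assumption)."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.counter = 0

    def code_for(self, counter: int) -> str:
        mac = hmac.new(self.secret, counter.to_bytes(8, "big"), hashlib.sha256)
        return mac.hexdigest()[:8]

    def verify(self, otp: str) -> bool:
        # A correct OTP advances the counter, so the same value can never pass twice here.
        if hmac.compare_digest(otp, self.code_for(self.counter)):
            self.counter += 1
            return True
        return False


class AuthService:
    """Login front end with a credential cache keyed on (user, credential)."""

    def __init__(self, verifier: OtpVerifier, cache_otp_results: bool) -> None:
        self.verifier = verifier
        self.cache_otp_results = cache_otp_results  # True models the vulnerable behaviour
        self.cache: dict[tuple[str, str], bool] = {}

    def authenticate(self, user: str, otp: str) -> bool:
        key = (user, otp)
        if key in self.cache:
            return self.cache[key]  # served from cache: the verifier never sees the replay
        ok = self.verifier.verify(otp)
        if self.cache_otp_results:
            self.cache[key] = ok  # the defect: a one-time credential is remembered as valid
        return ok


def replay_succeeds(cache_otp_results: bool) -> bool:
    """Return True if an already-used OTP is accepted a second time."""
    verifier = OtpVerifier(b"constructed-demo-secret")
    svc = AuthService(verifier, cache_otp_results)
    otp = verifier.code_for(0)  # the legitimate user's first OTP (constructed)
    first = svc.authenticate("alice", otp)
    replay = svc.authenticate("alice", otp)
    return first and replay
```

With the cache enabled for OTP results the second login succeeds; with caching of OTP results off, only the first attempt passes and the replay is rejected by the counter check.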

Impact

Exploitation of this vulnerability allows an attacker to bypass OTP authentication, logging in as the user whose OTP was observed.

Remediation

Users should switch to a secure connection and, if possible, use the SCRAM protocol for authentication. For those on OX Dovecot Pro 2.3.0, the authentication cache can be disabled or the application can be upgraded to a fixed version.

Added: Mar 27, 2026, 9:22 AM
Updated: Mar 27, 2026, 9:22 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 4.6
remediation: 0.0
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.