OX Dovecot LDAP Injection Vulnerability Allowing Authentication Bypass

Vulnerability

OX Dovecot is vulnerable to LDAP filter injection when the 'auth_username_chars' parameter is left empty. With no restriction on the characters a username may contain, an attacker can inject arbitrary LDAP filter syntax into the filter that Dovecot builds during LDAP authentication. Such an injection could bypass the restrictions expressed in that filter and allow probing of the LDAP structure. The issue is present in OX Dovecot Pro versions 3.1.0, 3.1.2, 3.1.3, and 2.3.0, as well as OX Dovecot CE versions 2.4.0, 2.4.1, and 2.4.3. The root cause is improper input validation, specifically in how usernames are escaped before being placed in LDAP queries. No publicly available exploits are known.

Impact

Exploitation of this vulnerability could allow an attacker to bypass authentication restrictions and enumerate users by manipulating the LDAP filter, and to probe the structure of the directory through injected filter clauses.

Remediation

As an immediate mitigation, do not leave the 'auth_username_chars' parameter empty: a restrictive username character set keeps LDAP filter metacharacters such as '*', '(' and ')' out of the query. The complete fix is to install a fixed version of OX Dovecot. The latest versions can be obtained from the Open-Xchange website or through the Open-Xchange Update Catalog.
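The following Python is an added example illustrating both the Vulnerability and Remediation sections above; it is not Dovecot or Open-Xchange code. It models a password filter built from a login name and the two controls that stop injection: a username character allowlist modelled on 'auth_username_chars' (where an empty value means no restriction) and RFC 4515 escaping of the assertion value. The directory entries, the 'PASS_FILTER' template, the 'DEFAULT_USERNAME_CHARS' value and the tiny filter evaluator are constructed assumptions for the demonstration; check the default character set against your Dovecot version's documentation.

```python
"""Model of LDAP filter injection through an unescaped username, with the two
controls that prevent it. Constructed, self-contained example; not Dovecot code."""
import re

# Assumed default for auth_username_chars (verify against your version's docs).
# An empty string models "no restriction", the vulnerable configuration.
DEFAULT_USERNAME_CHARS = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"
)

# Constructed sample directory; attribute names are lower-cased for matching.
DIRECTORY = [
    {"uid": ["alice"], "mail": ["alice@example.com"], "objectclass": ["posixAccount"]},
    {"uid": ["bob"], "mail": ["bob@example.com"], "objectclass": ["posixAccount"]},
    {"uid": ["svc-backup"], "mail": [], "objectclass": ["posixAccount"]},
    {"uid": ["printer01"], "mail": [], "objectclass": ["device"]},
]

# Assumed filter template; %u is replaced by the login name.
PASS_FILTER = "(&(uid=%u)(objectClass=posixAccount))"


def username_allowed(username, allowed_chars=DEFAULT_USERNAME_CHARS):
    """Allowlist check modelled on auth_username_chars: empty = allow anything."""
    if not allowed_chars:
        return True
    return all(c in allowed_chars for c in username)


def ldap_escape(value):
    """RFC 4515 escaping of an assertion value (backslash handled like the rest)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(c, c) for c in value)


def build_filter(username, escape=True):
    """Substitute %u; escape=False models a filter built from the raw username."""
    return PASS_FILTER.replace("%u", ldap_escape(username) if escape else username)


def _parse(s, i):
    """Minimal recursive-descent parser: (&...), (|...), (!...) and (attr=value)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        if s[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, kids), i + 1
    j = s.index(")", i)
    attr, value = s[i:j].split("=", 1)
    return ("=", attr.lower(), value), j + 1


def _value_regex(value):
    """An unescaped '*' is a wildcard; a \\XX hex escape is a literal character."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 2 < len(value):
            out.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        else:
            out.append(".*" if value[i] == "*" else re.escape(value[i]))
            i += 1
    return re.compile("".join(out), re.DOTALL)


def _matches(node, entry):
    if node[0] == "&":
        return all(_matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(_matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not _matches(node[1][0], entry)
    _, attr, value = node
    rx = _value_regex(value)
    return any(rx.fullmatch(v) for v in entry.get(attr, []))


def matching_uids(filter_str, directory=DIRECTORY):
    """Evaluate the filter against the directory and return the matched uids."""
    tree, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing data after filter")
    return [e["uid"][0] for e in directory if _matches(tree, e)]


if __name__ == "__main__":
    for name in ["alice", "*)(uid=*", "alice)(mail=a*", "alice)(mail=z*"]:
        print(repr(name), "allowlist accepts:", username_allowed(name))
        print("  raw filter    ->", matching_uids(build_filter(name, escape=False)))
        print("  escaped filter->", matching_uids(build_filter(name, escape=True)))
```

The raw filter built from `*)(uid=*` collapses the `uid` restriction and matches every posixAccount, which is the bypass; the `alice)(mail=a*` and `alice)(mail=z*` pair shows how an injected clause turns the login result into a yes/no oracle on other attributes, which is the probing described above. The same inputs either fail the allowlist (the non-empty 'auth_username_chars' mitigation) or, once escaped, match nothing because `\2a`, `\28` and `\29` are treated as literal characters rather than filter syntax.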

Added: Mar 27, 2026, 9:18 AM
Updated: Mar 27, 2026, 9:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.