CVE-2008-1218
EPSS 19.7%
Description
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
How to fix CVE-2008-1218
To remediate CVE-2008-1218, upgrade the affected package to a fixed version below.
- Debian/dovecot—upgrade to 1:1.0.13-1 or later
Is CVE-2008-1218 being exploited?
Moderate — EPSS is 19.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1:1.0.13-1