Full title: Dovecot IMAP Server 2.2 Improper Access Control Vulnerability 
Category: remote exploits
Platform: multiple
Dovecot IMAP server version 2.2 suffers from a privilege escalation vulnerability. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation with certain configurations involving master user authentication.

# 0day.today @ http://0day.today/