Dovecot CVE-2025-30189: Auth cache causes access to wrong account
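An authentication cache vulnerability (CVE-2025-30189) was found in Dovecot IMAP Server versions 2.4.0 and 2.4.1: when OAuth2 or other authentication methods are used, the result of the first lookup is incorrectly cached. The fix is to disable the auth cache or upgrade to a non-affected version (such as 2.4.2). 2025-10-30 01:5:9 Author: seclists.org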

Full Disclosure mailing list archives


From: Aki Tuomi via Fulldisclosure <fulldisclosure () seclists org>
Date: Wed, 29 Oct 2025 10:22:47 +0200 (EET)

Affected product: Dovecot IMAP Server
Internal reference: DOV-7830
Vulnerability type: CWE-1250 (Improper Preservation of Consistency Between Independent Representations of Shared State)
Vulnerable version: 2.4.0, 2.4.1
Vulnerable component: auth
Report confidence: Confirmed
Solution status: Fixed in 2.4.2
Researcher credits: Erik <erik () broadlux com>
Vendor notification: 2025-07-25
CVE reference: CVE-2025-30189
CVSS: 7.4 (CVSS3.1:AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Vulnerability Details:
Using auth caching with oauth2 passdb, passwd passdb or userdb, or passwd userdb, causes the result of the first lookup to be cached and returned for all subsequent lookups. This is because the cache key is "%u", which no longer expands to the same value as "%{user}".

Workaround:
Disabling the auth cache prevents the issue. This can be done by setting auth_cache_size=0.

Fix:
Install a non-vulnerable version of Dovecot. The patch can be found at
https://github.com/dovecot/core/compare/a70ce7d3e2f983979e971414c5892c4e30197231%5E...34caed79b76a7b82a2a9c94cf35371bec6c2b826.patch

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
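
The failure mode described under "Vulnerability Details", shown as an added example: a simplified Python model, not Dovecot's code and not part of the original advisory. It assumes an expander that substitutes only long-form `%{name}` variables and leaves other text literal; `expand`, `AuthCache`, `key_distinguishes_users` and the sample users are hypothetical names constructed for illustration.

```python
import re


def expand(template, fields):
    """Expand long-form %{name} variables only; all other text stays literal.
    Assumption: models an expander in which short forms such as %u are not variables."""
    return re.sub(r"%\{(\w+)\}", lambda m: fields.get(m.group(1), ""), template)


class AuthCache:
    """Minimal lookup cache keyed by an expanded template (hypothetical model)."""

    def __init__(self, key_template, backend):
        self.key_template = key_template
        self.backend = backend  # callable: username -> account record
        self.entries = {}

    def lookup(self, user):
        key = expand(self.key_template, {"user": user})
        if key not in self.entries:
            # Cache miss: ask the real backend and remember the answer.
            self.entries[key] = self.backend(user)
        return self.entries[key]


def key_distinguishes_users(key_template,
                            probes=("alice@example.test", "bob@example.test")):
    """Defensive self-check: a usable cache key must differ per user."""
    keys = {expand(key_template, {"user": u}) for u in probes}
    return len(keys) == len(probes)


def backend(user):
    # Constructed stand-in for a passdb/userdb lookup.
    return {"user": user, "home": "/var/mail/" + user}


def demo(key_template):
    """Return which account each of two distinct users is handed."""
    cache = AuthCache(key_template, backend)
    return [cache.lookup(u)["user"]
            for u in ("alice@example.test", "bob@example.test")]


if __name__ == "__main__":
    for tmpl in ("%u", "%{user}"):
        print(tmpl, demo(tmpl), "key ok:", key_distinguishes_users(tmpl))
```

With the constant key, the second user receives the first user's cached record; a check like `key_distinguishes_users` at configuration load time flags a key template that does not vary with the user.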


Source: https://seclists.org/fulldisclosure/2025/Oct/29