CVE-2022-24732
Summary
| CVE | CVE-2022-24732 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-09 20:15:00 UTC |
| Updated | 2022-03-17 01:44:00 UTC |
| Description | Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms. |
Risk And Classification
Problem Types: CWE-613 | CWE-324
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Maddy Project | Maddy | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| auth/pam: Check for account/password expiry · foxcpp/maddy@7ee6a39 · GitHub | MISC | github.com | |
| auth.pam allows accounts with expired passwords and expired accounts · Advisory · foxcpp/maddy · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.