CVE-2022-26562
Summary
| CVE | CVE-2022-26562 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-01 20:15:00 UTC |
| Updated | 2023-05-11 16:15:00 UTC |
| Description | An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final). |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kopano | Groupware Core | 11.0.2.51 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [KC-2021] CVE-2022-26562 Pam: Successful auth despite expired kerberos account - Kopano | MISC | jira.kopano.io | |
| Kopano - e-mails, calendars, video meetings in a digitally sovereign way | MISC | kopano.com | |
| Commit - rpms/zarafa - a5a8366ccf07f248fae6edffb5123cfda579bfdb - src.fedoraproject.org | MISC | src.fedoraproject.org | |
| [SECURITY] [DLA 3354-1] kopanocore security update | MLIST | lists.debian.org | |
| kopano-core/ECKrbAuth.cpp at master · Kopano-dev/kopano-core · GitHub | MISC | github.com | |
| 2192126 – (CVE-2022-26562) CVE-2022-26562: zarafa: Missing account validation in ECPAMAuthenticateUser() | MISC | bugzilla.redhat.com | |
| Source of ECKrbAuth.cpp - kopanocore - Bitbucket | MISC | stash.kopano.io | |
| bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-342b96903b | MISC | bodhi.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181624 Debian Security Update for kopanocore (DLA 3354-1)