oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request (dovecot)

From: Josh Bressers <bressers () redhat com>
Date: Wed, 29 Oct 2008 14:30:36 -0400 (EDT)
I'm not sure if this is a Red Hat specific issue, but I figured I'd mention it here:
It seems dovecot can have an SSL key file password disclosure issue:
https://bugzilla.redhat.com/show_bug.cgi?id=436287

Basically, if your dovecot.conf file is world readable and you have your SSL key
password in it, anyone can see it.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: