An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final).
References
Configurations
History
11 May 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final). | |
References |
|
06 Mar 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Apr 2022, 00:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:kopano:groupware_core:11.0.2.51:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-287 | |
References | (MISC) https://kopano.com/ - Vendor Advisory | |
References | (MISC) https://stash.kopano.io/projects/KC/repos/kopanocore/browse/provider/libserver/ECKrbAuth.cpp#137 - Exploit, Vendor Advisory |
01 Apr 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-01 20:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-26562
Mitre link : CVE-2022-26562
CVE.ORG link : CVE-2022-26562
JSON object : View
Products Affected
kopano
- groupware_core
CWE
CWE-287
Improper Authentication