cvedb.io
CVE-2019-3814
HIGH · CVSS 7.7
EPSS exploitation probability: 0%
Published 2019-03-27T13:29:01.337 · Last modified 2026-06-17T02:35:38.617

Summary

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

Affected products

dovecot — dovecot

Does this affect you?

Add your gear to cvedb and we'll alert you only when dovecot ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.