Dovecot


reports in last 90 days

3

disclosed resolved issues

5

disclosed informative issues

5

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

Bug Title Bug Type Found By Report Info Report Status

High Username restriction bypass with SSL client authentication

Improper Authentication - Generic halfdog Time to triage: 0 Days and 2 hours


Time to close: 19 Days and 20 hours
Resolved

None command Injection in rawlog binary

Command Injection - Generic mikki_khan Issue was not triaged


Time to close: 0 Days and 2 hours
Informative

None Buffer overflow in sha3

Classic Buffer Overflow knk Issue was not triaged


Time to close: 0 Days and 2 hours
Informative

Medium Dovecot authentication is vulnerable to timing attacks.

Cryptographic Issues - Generic edoverflow Time to triage: 0 Days and 9 hours


Time to close: 2 Days and 11 hours
Resolved

Low Information About Your System(Sensitive Directories)

Information Disclosure socialfox Issue was not triaged


Time to close: 0 Days and 2 hours
Not-applicable

No rating SSL Certification Expired And TLS Vulnerability

Cryptographic Issues - Generic hack40077 Issue was not triaged


Time to close: 0 Days and 10 hours
Informative

No rating nginx server vulnerable

UI Redressing (Clickjacking) thalaivarsubu Time to triage: 0 Days and 1 hours


Time to close: 2 Days and 22 hours
Resolved

Medium Web Browser XSS Protection Not Enabled

Cross-site Scripting (XSS) - Generic snicker2812 Issue was not triaged


Time to close: 0 Days and 0 hours
Not-applicable

None Directory listing

None supplied c4pt4ink1dd Issue was not triaged


Time to close: 0 Days and 0 hours
Informative

No rating Outdated Apache Server in www.dovecot.fi is vulnerable to various attack.

Denial of Service koolacac Issue was not triaged


Time to close: 0 Days and 2 hours
Informative

No rating Apache version disclosure

Information Disclosure ignatius Issue was not triaged


Time to close: 0 Days and 0 hours
Not-applicable

No rating DIrectory Listing Found

Information Disclosure harikrishnan_c Issue was not triaged


Time to close: 2 Days and 9 hours
Not-applicable

No rating Cross-Site Scripting Vulnerability in dovecot.fi

Cross-site Scripting (XSS) - Generic kanti Issue was not triaged


Time to close: 0 Days and 0 hours
Not-applicable