Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Dec 2013 08:17:26 +0100
From: Salvatore Bonaccorso <>
Subject: CVE Request: SASL authentication allows wrong credentials to access


>From upstream release notes for 1.4.17[1] it states "The other notable
bug is a SASL authentication bypass glitch. If a client makes an
invalid request with SASL credentials, it will initially fail. However
if you issue a second request with bad SASL credentials, it will
authenticate. This has now been fixed.".

The upstream bugreport is at [2], with the corresponding commit fixing
this issue at [3].


Could a CVE be assigned to this issue?

Regards, and thanks in advance


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.