Description
Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.
Published: 2026-03-27
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication bypass and user enumeration via Dovecot configuration
Action: Patch
AI Analysis

Impact

An attacker can bypass Dovecot’s SQL‑based authentication when the configuration option auth_username_chars is cleared by an administrator. This misconfiguration allows the attacker to authenticate as any user and enumerate valid usernames, thereby compromising account integrity. The weakness is classified as CWE‑89, which involves improper handling of input leading to unauthorized access.

Affected Systems

The vulnerability affects Open‑Xchange GmbH’s OX Dovecot Pro product. Specific version information is not provided in the CNA data, so it is assumed that all installed instances are at risk when the parameter is cleared.

Risk and Exploitability

The CVSS score of 7.7 indicates a high risk. No EPSS data is available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting lower current exploitation interest. The attack vector is inferred to be local or administrative, as the bypass requires an administrator to clear auth_username_chars. Because there are no publicly known exploits, the exploitation would likely involve manual reconfiguration or social engineering to change the setting, after which an attacker could authenticate as any user.

Generated by OpenCVE AI on March 27, 2026 at 09:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure that auth_username_chars is never cleared in the configuration
  • Install the latest fixed version of OX Dovecot Pro if the setting cannot be preserved
  • Review and harden configuration management procedures to prevent accidental clearing of auth_username_chars
  • Monitor authentication logs for signs of unauthorized login attempts

Generated by OpenCVE AI on March 27, 2026 at 09:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass via Dovecot SQL Authentication When auth_username_chars Cleared

Fri, 27 Mar 2026 08:30:00 +0000

Type Values Removed Values Added
Description Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: OX

Published:

Updated: 2026-03-27T12:33:25.301Z

Reserved: 2026-01-20T14:56:25.872Z

Link: CVE-2026-24031

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-27T09:16:19.447

Modified: 2026-03-27T09:16:19.447

Link: CVE-2026-24031

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:45:45Z

Weaknesses