2019 Feb 05
CVE-2019-3814: Suitable client certificate can be used to login as other user
...(Postfix, Exim) currently send the
cert_username field. This may have allowed users with a trusted
certificate to specify any username in the authentication. This does not
apply to Dovecot Submission service.
Proof of concept
Create a CA certificate for signing, and sign a certificate with a missing
commonName attribute.
With the following configuration:
passdb {
  driver = static
  arguments = nopassword
}
ssl_ca =</path/to/ca.pem
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
You are able to log in as any user with this certificate using the following
commands:
openssl s_clien...