
CVE-2021-33515 Dovecot Vulnerability Could Allow Email Snooping

Security researchers discovered a vulnerability, CVE-2021-33515, in the underlying technology deployed by most email servers running the IMAP protocol (Internet Message Access Protocol). The vulnerability has been around for at least a year, allowing attackers to bypass TLS email protections and snoop on messages.


CVE-2021-33515 In Detail

Fortunately, the bug, which was first reported in August last year, is now patched. The issue stems from the email server software called Dovecot, which is used by the majority of IMAP servers.

According to researchers Fabian Ising and Damian Poddebniak from Münster University of Applied Sciences, the CVE-2021-33515 vulnerability creates the possibility of a MITM attack. “During our research into the security of email servers at Münster University of Applied Sciences, we found a command injection vulnerability related to STARTTLS in Dovecot,” the researchers said in their report.

The flaw could allow a MITM attacker between a mail client and Dovecot to inject unencrypted commands into the encrypted TLS context, redirecting user credentials and mails to the attacker. However, it should be noted that an attacker needs to have sending permissions on the Dovecot server.

A successful exploit could allow a MITM attacker to steal SMTP user credentials and mails, the researchers warned.

According to Ubuntu’s advisory:

On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected.

Fortunately, the vulnerability, which Tenable rated as critical, has already been patched. A patch is available for Dovecot running on Ubuntu. Affected parties should update to Dovecot version v2.3.14.1 or later. Workarounds are also available, such as disabling STARTTLS and configuring Dovecot to only accept pure TLS connections on ports 993/465/995. However, the attack must be mitigated on the server, the researchers pointed out.
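The behaviour described in the Ubuntu advisory, and why it has to be fixed on the server, can be seen in a simplified model. This is an added example, not Dovecot's code or the researchers' proof of concept; the `Session` class, its methods, the sample commands and the discard-on-upgrade fix are assumptions made for illustration.

```python
class Session:
    """Toy line-based mail session (a model only, not Dovecot code)."""

    def __init__(self, discard_pending_on_starttls):
        self.discard = discard_pending_on_starttls
        self.pending = b""        # bytes read from the socket, not yet parsed
        self.tls_active = False
        self.log = []             # (command, was TLS active when it ran)
        self.discarded = b""      # what the hardened server threw away

    def receive(self, chunk, via_tls):
        # After the upgrade, new bytes may only arrive through the TLS layer.
        if self.tls_active and not via_tls:
            raise ValueError("plaintext received after TLS upgrade")
        self.pending += chunk
        self._drain()

    def _drain(self):
        while b"\r\n" in self.pending:
            line, self.pending = self.pending.split(b"\r\n", 1)
            cmd = line.decode("ascii")
            self.log.append((cmd, self.tls_active))
            if cmd.upper() == "STARTTLS" and not self.tls_active:
                if self.discard:
                    # Hardened: anything buffered before the handshake was
                    # never protected by TLS, so drop it (and keep a copy
                    # so the event can be logged or alerted on).
                    self.discarded, self.pending = self.pending, b""
                # The TLS handshake would happen here. A server that keeps
                # self.pending goes on to parse it as post-handshake input.
                self.tls_active = True


def run(discard_pending_on_starttls):
    """Replay one constructed session against the chosen server behaviour."""
    s = Session(discard_pending_on_starttls)
    s.receive(b"EHLO client.example\r\n", via_tls=False)
    # Constructed input: extra plaintext arrives in the same read as STARTTLS.
    s.receive(b"STARTTLS\r\nNOOP appended-in-plaintext\r\n", via_tls=False)
    s.receive(b"EHLO client.example\r\n", via_tls=True)
    return s


if __name__ == "__main__":
    for label, discard in (("keeps buffer", False), ("discards buffer", True)):
        s = run(discard)
        print(label, s.log, "discarded:", s.discarded)
```

In the first run the appended line is recorded as executed with TLS active even though it never travelled through TLS; in the second it is dropped and only the client's own post-handshake command runs.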

Milena Dimitrova
