Vulnerabilities > CVE-2022-24732 - Use of a Key Past its Expiration Date vulnerability in Maddy Project Maddy

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

maddy-project

CWE-324

NVD

Published: 2022-03-09

Updated: 2022-03-17

Summary

Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.

Vulnerable Configurations

Part	Description	Count
Application	Maddy_Project Maddy Project Maddy 0.5.0 Maddy Project Maddy 0.5.1 Maddy Project Maddy 0.5.2 Maddy Project Maddy 0.5.3	4

Common Weakness Enumeration (CWE)

CWE-324 - Use of a Key Past its Expiration Date

References

https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583
https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9