CVE-2011-3372

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Date published : 2011-12-24

http://cyrusimap.org/mediawiki/index.php/Latest_Updates

http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594