CVE-2008-1218

Dovecot <1.0.13, <1.1.rc3 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1218. PoCs published by kingcope.

AI-analyzed exploit summary: This exploit leverages a Dovecot IMAP vulnerability (CVE-2008-1218) to bypass authentication by injecting special configuration options into the login command. It retrieves all emails from the target account if the server is misconfigured.

Description

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.

Exploits (1)

exploitdb WORKING POC VERIFIED
by kingcope · python · remote · multiple
https://www.exploit-db.com/exploits/5257

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Dovecot IMAP 1.0.10 to 1.1rc3
No auth needed
Prerequisites: Dovecot IMAP server with misconfigured authentication options · Network access to the IMAP service
devstral-2 · analyzed Feb 16, 2026

References (21)

Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-25.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29295
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41085
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5257
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29557
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1516
Third Party Advisory x_refsource_misc
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/593-1/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29364
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-2341
Various Sources mailing-list x_refsource_mlist
http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
Various Sources mailing-list x_refsource_mlist
http://www.dovecot.org/list/dovecot-news/2008-March/000065.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29226
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489481/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32151
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29385
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28181
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29396

Scores

EPSS 0.0734
EPSS Percentile 93.6%

Details

CWE: CWE-255
Status: published
Products (2)
dovecot/dovecot < 1.0.12
dovecot/dovecot < 1.1
Published Mar 10, 2008
Tracked Since Feb 18, 2026