Description
Maddy Mail Server is an open-source, SMTP-compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/foxcpp/maddy/security/advisories/GHSA-6cp7-g972-w9m9
Patch, Third Party Advisory x_refsource_misc
https://github.com/foxcpp/maddy/commit/7ee6a39c6a1939b376545f030a5efd6f90913583
Scores
CVSS v3
6.3
EPSS
0.0039
EPSS Percentile
30.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-613
CWE-324
Status
published
Products (2)
foxcpp/maddy
0 - 0.5.4 (Go)
maddy_project/maddy
0.5.0 - 0.5.4
Published
Mar 09, 2022
Tracked Since
Feb 18, 2026