CVE-2026-27855

MEDIUM

OX Dovecot Pro <2.3.0 - Replay Attack

Title source: llm

Description

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If authentication happens over unsecure connection, switch to SCRAM protocol. Alternatively ensure the communcations are secured, and if possible switch to OAUTH2 or SCRAM. No publicly available exploits are known.

References (1)

[Vendor Advisory] https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json

Scores

CVSS v3 6.8

EPSS 0.0002

EPSS Percentile 4.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-294

Status published

Products (3)

dovecot/dovecot < 2.4.3

open-xchange/dovecot < 2.3.0

Open-Xchange GmbH/OX Dovecot Pro < 2.3.0

Published Mar 27, 2026

Tracked Since Mar 27, 2026