Unrated severityNVD Advisory· Published Dec 24, 2011· Updated Apr 29, 2026

CVE-2011-3372

Description

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Affected products

Cyrus/Imapd
cpe:2.3:a:cyrus:imapd:*:*:*:*:*:*:*:*
Range: <=2.4.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/46093nvdVendor Advisory
secunia.com/secunia_research/2011-68nvdVendor Advisory
cyrusimap.org/mediawiki/index.php/Latest_Updatesnvd
git.cyrusimap.org/cyrus-imapd/commit/nvd
securitytracker.com/idnvd
www.debian.org/security/2011/dsa-2318nvd
www.mandriva.com/security/advisoriesnvd
www.redhat.com/support/errata/RHSA-2011-1508.htmlnvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000