
CRITICAL SECURITY FIX of iRedAdmin on FreeBSD and OpenBSD

Dear all,

We just found a critical security issue in iRedAdmin (both the open source edition and iRedAdmin-Pro) on FreeBSD and OpenBSD systems. Please upgrade immediately.

Note: iRedMail-0.9.5-1 was repacked today with the new iRedAdmin release (0.6.2), which contains this fix.

The Issue

iRedAdmin calls an incorrect function to verify the BCRYPT password hash when an admin tries to log in. If the admin account exists, iRedAdmin accepts any password and the admin is logged in.
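
The failure mode described above (a verifier that accepts every password for one hash scheme) is what a wrong-password regression test catches. The following is an added example, not iRedAdmin's code: a dispatcher that fails closed plus a negative test, where the scheme prefixes, function names and sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

def make_ssha512(password):
    """Build a salted SHA-512 hash so the example has a real hash to check."""
    salt = os.urandom(8)
    digest = hashlib.sha512(password.encode() + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode()

def verify_ssha512(stored, password):
    raw = base64.b64decode(stored[len("{SSHA512}"):])
    digest, salt = raw[:64], raw[64:]
    candidate = hashlib.sha512(password.encode() + salt).digest()
    return hmac.compare_digest(digest, candidate)

def verify_bcrypt(stored, password):
    import bcrypt  # third-party package; assumed installed where bcrypt is used
    return bcrypt.checkpw(password.encode(), stored[len("{BLF-CRYPT}"):].encode())

# Scheme prefixes are assumptions for this example.
VERIFIERS = {"{SSHA512}": verify_ssha512, "{BLF-CRYPT}": verify_bcrypt}

# Constructed, bcrypt-shaped value; not a hash of any real password.
SAMPLE_BCRYPT = "{BLF-CRYPT}$2b$04$" + "." * 53

def verify_password(stored, password, verifiers=VERIFIERS):
    """Fail closed: unknown scheme, exception or non-True result all reject."""
    for prefix, fn in verifiers.items():
        if stored.upper().startswith(prefix):
            try:
                return fn(stored, password) is True
            except Exception:
                return False
    return False

def accepts_wrong_password(stored, right, verifiers=VERIFIERS):
    """Negative test: True if any password other than `right` is accepted."""
    probes = ["", right + "x", "wrong-" + right, right[::-1] + "!"]
    return any(verify_password(stored, p, verifiers) for p in probes)

if __name__ == "__main__":
    good = make_ssha512("s3cret-constructed")
    print(verify_password(good, "s3cret-constructed"))
    print(accepts_wrong_password(good, "s3cret-constructed"))
    # Constructed stand-in for a verifier that never compares anything.
    always_true = {"{BLF-CRYPT}": lambda stored, password: True}
    print(accepts_wrong_password(SAMPLE_BCRYPT, "anything", always_true))
```

Running `accepts_wrong_password` once per supported scheme in a test suite flags any scheme whose verifier was wired to the wrong function.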

Affected Linux/BSD distributions

BCRYPT is available on FreeBSD and OpenBSD, but not on Linux, so this issue impacts only FreeBSD and OpenBSD systems.

Affected iRedAdmin versions

This bug was introduced in iRedAdmin (both the open source edition and iRedAdmin-Pro) on May 3, 2016. Versions released after May 3 contain this bug:

  • iRedAdmin-0.6.1 (shipped by iRedMail-0.9.5-1)

  • iRedAdmin-Pro-SQL-2.4.0

  • iRedAdmin-Pro-LDAP-2.6.0

How to fix it
