Vulnerability Report

CVE-2011-3372

Title: Cyrus Imapd Auth Bypass

Auth Bypass

Proof Of Concept

No public PoC currently indexed for CVE-2011-3372.

CWE Category CWE-287

Published Date Dec 24, 2011

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 7.5 CVSS v2.0

Exploit Probability (EPSS)

0.27%

Vulnerability Summary

CVE-2011-3372: imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Impacted Vendors

university_of_washington 1

cyrus 1

Reference Links

http://cyrusimap.org/mediawiki/index.php/Latest_Updates http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594 http://secunia.com/advisories/46093 http://secunia.com/secunia_research/2011-68 http://securitytracker.com/id?1026363 http://www.debian.org/security/2011/dsa-2318 http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 http://www.redhat.com/support/errata/RHSA-2011-1508.html https://bugzilla.redhat.com/show_bug.cgi?id=740822 http://cyrusimap.org/mediawiki/index.php/Latest_Updates http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594 http://secunia.com/advisories/46093 http://secunia.com/secunia_research/2011-68 http://securitytracker.com/id?1026363 http://www.debian.org/security/2011/dsa-2318 http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 http://www.redhat.com/support/errata/RHSA-2011-1508.html https://bugzilla.redhat.com/show_bug.cgi?id=740822

CVSS v2.0

Source Entity [email protected]

Severity HIGH

7.5

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2011-3372 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

December 24, 2011 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.