CVE-2026-27855: Authentication Bypass by Capture-replay in Open-Xchange GmbH OX Dovecot Pro
CVE-2026-27855 is a medium severity vulnerability in Open-Xchange GmbH's OX Dovecot Pro affecting its OTP authentication mechanism. Under specific conditions—when authentication cache is enabled and the username is altered in the password database—OTP credentials can be cached, allowing replay of the same OTP response. An attacker who can observe an OTP exchange may reuse it to log in as the user. The vulnerability is mitigated by using secure communication protocols such as SCRAM or OAUTH2 or by securing the communication channel. No public exploits are known at this time.
AI Analysis
Technical Summary
The vulnerability in OX Dovecot Pro's OTP authentication arises when the authentication cache is enabled and the username is modified in the passdb, causing OTP credentials to be cached improperly. This caching allows an attacker who can capture an OTP exchange to replay the same OTP response to authenticate as the user. The issue is specific to insecure connections; switching to SCRAM protocol or securing communications, or using OAUTH2, can mitigate the risk. There are no known public exploits for this vulnerability.
Potential Impact
Successful exploitation allows an attacker who can observe an OTP authentication exchange to bypass authentication by replaying the captured OTP response, gaining unauthorized access as the targeted user. This compromises confidentiality and integrity of user accounts but does not affect availability. The attack requires network access to capture OTP exchanges and conditions involving auth cache and username alteration.
Mitigation Recommendations
No official patch or fix is currently documented. Mitigation involves disabling authentication cache or avoiding username alterations in passdb that lead to caching OTP credentials. Additionally, ensure authentication occurs over secure channels by switching to SCRAM protocol or OAUTH2 where possible. Securing communications to prevent interception of OTP exchanges is critical. Monitor vendor advisories for updates on official fixes.
CVE-2026-27855: Authentication Bypass by Capture-replay in Open-Xchange GmbH OX Dovecot Pro
Description
CVE-2026-27855 is a medium severity vulnerability in Open-Xchange GmbH's OX Dovecot Pro affecting its OTP authentication mechanism. Under specific conditions—when authentication cache is enabled and the username is altered in the password database—OTP credentials can be cached, allowing replay of the same OTP response. An attacker who can observe an OTP exchange may reuse it to log in as the user. The vulnerability is mitigated by using secure communication protocols such as SCRAM or OAUTH2 or by securing the communication channel. No public exploits are known at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in OX Dovecot Pro's OTP authentication arises when the authentication cache is enabled and the username is modified in the passdb, causing OTP credentials to be cached improperly. This caching allows an attacker who can capture an OTP exchange to replay the same OTP response to authenticate as the user. The issue is specific to insecure connections; switching to SCRAM protocol or securing communications, or using OAUTH2, can mitigate the risk. There are no known public exploits for this vulnerability.
Potential Impact
Successful exploitation allows an attacker who can observe an OTP authentication exchange to bypass authentication by replaying the captured OTP response, gaining unauthorized access as the targeted user. This compromises confidentiality and integrity of user accounts but does not affect availability. The attack requires network access to capture OTP exchanges and conditions involving auth cache and username alteration.
Mitigation Recommendations
No official patch or fix is currently documented. Mitigation involves disabling authentication cache or avoiding username alterations in passdb that lead to caching OTP credentials. Additionally, ensure authentication occurs over secure channels by switching to SCRAM protocol or OAUTH2 where possible. Securing communications to prevent interception of OTP exchanges is critical. Monitor vendor advisories for updates on official fixes.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- OX
- Date Reserved
- 2026-02-24T08:46:09.373Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69c63ffa3c064ed76f701a54
Added to database: 3/27/2026, 8:29:46 AM
Last enriched: 4/3/2026, 1:34:55 PM
Last updated: 5/11/2026, 1:13:34 PM
Views: 73
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.