CCE-92232-8| Platform: cpe:/o:amazon:linux:2 | Date: (C)2018-10-29 (M)2023-07-04 |
This option tells Dovecot where to find the the mail
server's SSL Key.
Edit '/etc/dovecot/conf.d/10-ssl.conf' and add or correct the following
line (
Parameter:
[Dovecot_ssl_key_path]
Technical Mechanism:
SSL certificates are used by the client to authenticate the identity
of the server, as well as to encrypt credentials and message traffic.
Not using SSL to encrypt mail server traffic could allow unauthorized
access to credentials and mail messages since they are sent in plain
text over the network.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 4.3 | Attack Vector: ADJACENT_NETWORK |
| Exploit Score: 2.8 | Attack Complexity: LOW |
| Impact Score: 1.4 | Privileges Required: NONE |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: NONE |
| | Availability: NONE |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48733 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48419 |
