dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
Software | From | Fixed in |
---|---|---|
dovecot / dovecot | 1.0.7 | 1.0.7.x |