Lucene search

[email protected]CVE-2003-0881

HistoryNov 03, 2003 - 5:00 a.m.

CVE-2003-0881

2003-11-0305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0881

mac os x

mail

plaintext authentication

remote attackers

privileges

sniffing

password

8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.2%

JSON

Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.

CPENameOperatorVersion
apple:mac_os_xapple mac os xle10.3

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	le	10.3

References

docs.info.apple.com/article.html?artnum=61798

lists.apple.com/mhonarc/security-announce/msg00038.html

8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.2%

JSON