CVE-2005-0198

🗓️ 06 Feb 2005 05:00:00Reported by mitreType

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users

Reporter	Title	Published	Views	Family All 28
Tenable Nessus	UW-imapd CRAM-MD5 Authentication Bypass	28 Jan 200500:00	–	nessus
Tenable Nessus	FreeBSD : imap-uw -- authentication bypass when CRAM-MD5 is enabled (d1bbc235-c0c9-45cd-8d2d-c1b8fd22e616)	13 Jul 200500:00	–	nessus
Tenable Nessus	GLSA-200502-02 : UW IMAP: CRAM-MD5 authentication bypass	14 Feb 200500:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : imap (MDKSA-2005:026)	2 Feb 200500:00	–	nessus
Tenable Nessus	RHEL 3 : imap (RHSA-2005:128)	23 Feb 200500:00	–	nessus
Tenable Nessus	SuSE9 Security Update : imap (YOU Patch Number 9885)	24 Sep 200900:00	–	nessus
Tenable Nessus	SUSE-SA:2005:012: imap	1 Mar 200500:00	–	nessus
Tenable Nessus	UW-IMAP CRAM-MD5 Remote Authentication Bypass	29 Jan 200500:00	–	nessus
Cvelist	CVE-2005-0198	6 Feb 200505:00	–	cvelist
FreeBSD	imap-uw -- authentication bypass when CRAM-MD5 is enabled	4 Jan 200500:00	–	freebsd

NVD

Node

university_of_washington uw-imap

Source	Link
secunia	www.secunia.com/advisories/14097
kb	www.kb.cert.org/vuls/id/CRDY-68QSL5
mandriva	www.mandriva.com/security/advisories
redhat	www.redhat.com/support/errata/RHSA-2005-128.html
securitytracker	www.securitytracker.com/id
securityfocus	www.securityfocus.com/bid/12391
kb	www.kb.cert.org/vuls/id/702777
gentoo	www.gentoo.org/security/en/glsa/glsa-200502-02.xml
oval	www.oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
secunia	www.secunia.com/advisories/14057

16 Apr 2026 00:27Current

6.7Medium risk

Vulners AI Score6.7

CVSS 27.5

EPSS0.26656