Mac OS X Postfix CRAM-MD5 Replay Credentials

2004-12-02T00:00:00
ID OSVDB:12200
Type osvdb
Reporter Victor Duchovni
Modified 2004-12-02T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow an unauthorized user to authenticate. In some situations, the CRAM-MD5 credentials used by Postfix can be replayed within a short time period. The flaw may allow unauthorized access, resulting in a loss of confidentiality and/or integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1012395
Secunia Advisory ID: 13362
ISS X-Force ID: 18353
CVE-2004-1088