Mac OS X Mail Cleartext Login on CRAM-MD5 Failure

2003-11-19T00:00:00
ID OSVDB:6595
Type osvdb
Reporter Chris Adams (cadams@ro.com)
Modified 2003-11-19T00:00:00

Description

Vulnerability Description

Mac OS X Mail contains a flaw that may allow a malicious user to sniff a plaintext password. The issue is triggered when CRAM-MD5 authentication fails and the client falls back to plaintext authentication. The flaw may allow plaintext password disclosure, resulting in a loss of confidentiality.
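The fallback described above, as an added example (not Apple's code and not part of the original advisory): a generic SASL client policy in Python that stops, rather than retrying with a password-revealing mechanism, when CRAM-MD5 fails on an unencrypted connection. The function names and the `allow_cleartext_fallback` flag are hypothetical, the advisory does not say which mail protocol is involved, and the sample user, secret and challenge are the RFC 2195 example values.

```python
import base64
import hashlib
import hmac

# Mechanisms that put the password itself on the wire (base64 is encoding, not encryption).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
PREFERENCE = ("CRAM-MD5", "PLAIN", "LOGIN")


def cram_md5_response(user, password, challenge):
    """RFC 2195: user name, a space, then hex HMAC-MD5(key=password, msg=challenge)."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"


def plain_response(user, password):
    """RFC 4616 PLAIN: authzid NUL authcid NUL password, base64-encoded."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def next_mechanism(offered, failed, tls_active, allow_cleartext_fallback=False):
    """Return the next mechanism to try, or None to stop and report the failure.

    allow_cleartext_fallback=True models the behaviour in the advisory (hypothetical flag).
    """
    for mech in PREFERENCE:
        if mech not in offered or mech in failed:
            continue
        if mech in PLAINTEXT_MECHS and not (tls_active or allow_cleartext_fallback):
            continue  # never downgrade to a password-revealing mechanism in the clear
        return mech
    return None


if __name__ == "__main__":
    # Constructed sample input: RFC 2195 example user, secret and challenge.
    user, secret = "tim", "tanstaaftanstaaf"
    challenge = b"<1896.697170952@postoffice.reston.mci.net>"
    print("CRAM-MD5 sends:", cram_md5_response(user, secret, challenge))
    print("PLAIN sends   :", base64.b64decode(plain_response(user, secret)))
    offered, failed = {"CRAM-MD5", "PLAIN"}, {"CRAM-MD5"}
    print("weak client   :", next_mechanism(offered, failed, False, True))
    print("strict client :", next_mechanism(offered, failed, False))
```

With the strict policy the client surfaces the CRAM-MD5 failure to the user; plaintext mechanisms are only tried when the connection is already protected by TLS.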

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.


References:

Vendor URL: http://www.apple.com/macosx
Vendor Specific Advisory URL
Secunia Advisory ID: 10086
ISS X-Force ID: 13607
CVE-2003-0881