21 matches found
NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...
EUVD-2026-14880
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...
CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...
SUSE CVE-2005-0198
A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticat...
IBM Domino IMAP Server Buffer Overflow Vulnerability
IBM Domino is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:ibm:lotusdomino";...
VulnCheck KEV: CVE-2007-1675
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server nimap.exe in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username...
IBM Tivoli Directory Server buffer overflow
Buffer overflow in LDAP (TCP/389) CRAM-MD5 authentication...
CVE-2007-5466
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execut...
Mercury/32 / Mercury/NLM SMTP server buffer overflow
Buffer overflow on oversized CRAM-MD5 authentication string...
CVE-2007-1675
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server nimap.exe in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username...
Lotus Domino multiple security vulnerabilities
LDAP Server heap overflow, Web access cross-site scripting. Buffer overflow in IMAP CRAM-MD5 authentication...
ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability
ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-011.html March 28, 2007 -- CVE ID: CVE-2007-1675 -- Affected Vendor: IBM -- Affected Products: IBM Lotus Domino Server 6.5 IBM Lotus Domino Server 7.0 ...
CVE-2005-3402
CVE-2005-3402 affects Mozilla Thunderbird SMTP client (notably 1.0.5 BETA and 1.0.7). The issue is that Thunderbird does not notify users when it cannot establish a secure channel with the SMTP server, enabling a MITM to obtain authentication information by bypassing TLS or downgrading CRAM-MD5 t...
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit)
$Id: mdaemoncrammd5.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
cmd5checkpw: Local password leak vulnerability
Background: cmd5checkpw is a checkpassword-compatible authentication program that uses CRAM-MD5 authentication mode. Description: Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the...
GLSA-200502-02 : UW IMAP: CRAM-MD5 authentication bypass
The remote host is affected by the vulnerability described in GLSA-200502-02 (UW IMAP: CRAM-MD5 authentication bypass). A logic bug in the code handling CRAM-MD5 authentication incorrectly specifies the condition for successful authentication. Impact: An attacker could exploit this vulnerability to...
UW IMAP: CRAM-MD5 authentication bypass
Background: UW IMAP is the University of Washington IMAP toolkit which includes POP3 and IMAP daemons. Description: A logic bug in the code handling CRAM-MD5 authentication incorrectly specifies the condition for successful authentication. Impact: An attacker could exploit this vulnerability to...
UW-imapd CRAM-MD5 Authentication Bypass
Binary data 2568.prm...