6 matches found
CVE-2013-5181
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network...
RHEL 3 : imap (RHSA-2005:128)
Updated imap packages to correct a security vulnerability in CRAM-MD5 authentication are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The imap package provides server daemons for both the IMAP...
Mandrake Linux Security Advisory : imap (MDKSA-2005:026)
A vulnerability was discovered in the CRAM-MD5 authentication in UW-IMAP where, on the fourth failed authentication attempt, a user would be able to access the IMAP server regardless. This problem exists only if you are using CRAM-MD5 authentication and have an /etc/cram-md5.pwd file. This is not...
UW-IMAP CRAM-MD5 Remote Authentication Bypass
There is a flaw in the remote UW-IMAP server which allows an authenticated user to log into the server as any user. The flaw is in the CRAM-MD5 authentication theme. An attacker, exploiting this flaw, would only need to identify a vulnerable UW-IMAP server which had enabled the CRAM-MD5...
[SA14057] UW-imapd CRAM-MD5 Authentication Bypass Vulnerability
TITLE: UW-imapd CRAM-MD5 Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA14057 VERIFY ADVISORY: http://secunia.com/advisories/14057/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: UW-imapd http://secunia.com/product/1578/ DESCRIPTION: A vulnerability...
imap-uw -- authentication bypass when CRAM-MD5 is enabled
The CRAM-MD5 authentication support of the University of Washington IMAP and POP3 servers contains a vulnerability that may allow an attacker to bypass authentication and impersonate arbitrary users. Only installations with CRAM-MD5 support configured are affected...