FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

imap-uw -- authentication bypass when CRAM-MD5 is enabled

Affected packages
imap-uw < 2004b,1

Details

VuXML ID d1bbc235-c0c9-45cd-8d2d-c1b8fd22e616
Discovery 2005-01-04
Entry 2005-06-03

The CRAM-MD5 authentication support of the University of Washington IMAP and POP3 servers contains a vulnerability that may allow an attacker to bypass authentication and impersonate arbitrary users. Only installations with CRAM-MD5 support configured are affected.

References

CERT/CC Vulnerability Note 702777
CVE Name CVE-2005-0198