FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0198

This CVE name corresponds to:

Entered Topic
2005-06-03 imap-uw -- authentication bypass when CRAM-MD5 is enabled

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-0198 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-0198
Phase Assigned(20050131)

Description

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

References

Source Reference
CERT-VN VU#702777
CONFIRM http://www.kb.cert.org/vuls/id/CRDY-68QSL5
GENTOO GLSA-200502-02
MANDRAKE MDKSA-2005:026
REDHAT RHSA-2005:128
BID 12391
OVAL oval:org.mitre.oval:def:11306
SECTRACK 1013037
SECUNIA 14057
SECUNIA 14097

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.