|
|
CVE Reference: CVE-2005-0198 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-0198 |
|
|
Description: A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users. |
|
|
CVE Status: Candidate |
|
|
References: ST 1013037 SAID Secunia Advisory: SA14057 Secunia Advisory: SA14097 REDHAT http://www.redhat.com/support/errata/RHSA-2005-128.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11306 MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2005:026 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml CONFIRM http://www.kb.cert.org/vuls/id/CRDY-68QSL5 CERT-VN 702777 BID 12391 |
|
| Return to the previous page. |
