Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0198

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0198
Last Modified 21 Aug 2010 12:25:38
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0198

Summary

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

Vulnerable Systems

Application

  • University Of Washington Uw-imap


References

CONFIRM - http://www.kb.cert.org/vuls/id/CRDY-68QSL5

CERT-VN - VU#702777

REDHAT - RHSA-2005:128

GENTOO - GLSA-200502-02

BID - 12391

MANDRAKE - MDKSA-2005:026

SECTRACK - 1013037

SECUNIA - 14097

SECUNIA - 14057


Last Updated: 27 May 2016 10:39:42