University Of Washington IMAP Server CRAM-MD5 Remote Authent...
BugTraq ID: 12391
Date Published: Jan 28 2005
Relevant URL: http://www.securityfocus.com/bid/12391
A remote authentication bypass vulnerability affects the CRAM-MD5 authentication
functionality of the University of Washington IMAP server. This issue is due to a
logic error that fails to properly validate authentication attempts.
It should be noted that this issue only affects servers with CRAM-MD5 authentication
enabled, which is not the case by default.
A remote attacker may leverage this issue to authenticate to the affected server as
SecurityFocus Linux Newsletter #221
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍