You are not logged in.

#1 2005-02-04 07:31:57

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

UW-Imap issue with cram-md5

University Of Washington IMAP Server CRAM-MD5 Remote Authent...
BugTraq ID: 12391
Remote: Yes
Date Published: Jan 28 2005
Relevant URL: http://www.securityfocus.com/bid/12391
Summary:
A remote authentication bypass vulnerability affects the CRAM-MD5 authentication
functionality of the University of Washington IMAP server.  This issue is due to a
logic error that fails to properly validate authentication attempts.

It should be noted that this issue only affects servers with CRAM-MD5 authentication
enabled, which is not the case by default.

A remote attacker may leverage this issue to authenticate to the affected server as
any user.

SecurityFocus Linux Newsletter #221


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

Board footer

Powered by FluxBB