Vulnerability Details CVE-2005-0198
A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.302
EPSS Ranking 96.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/14057
- http://secunia.com/advisories/14097
- http://securitytracker.com/id?1013037
- http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
- http://www.kb.cert.org/vuls/id/702777
- http://www.kb.cert.org/vuls/id/CRDY-68QSL5
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
- http://www.redhat.com/support/errata/RHSA-2005-128.html
- http://www.securityfocus.com/bid/12391
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
- http://secunia.com/advisories/14057
- http://secunia.com/advisories/14097
- http://securitytracker.com/id?1013037
- http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
- http://www.kb.cert.org/vuls/id/702777
- http://www.kb.cert.org/vuls/id/CRDY-68QSL5
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
- http://www.redhat.com/support/errata/RHSA-2005-128.html
- http://www.securityfocus.com/bid/12391
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
Products affected by CVE-2005-0198
-
cpe:2.3:a:university_of_washington:uw-imap:*