{"vuid":"VU#702777","idnumber":"702777","name":"UW-imapd fails to properly authenticate users when using CRAM-MD5","keywords":["University of Washington","imap","authentication","CRAM-MD5"],"overview":"A vulnerablility in an authentication method for the University of Washington IMAP server could allow a remote attacker to access any user's mailbox.","clean_desc":"The Internet Message Access Protocol (IMAP) is a method of accessing electronic messages kept on a remote mail server and is specified in RFC3501. The University of Washington IMAP server features multiple user authentication methods, including the Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) as defined by RFC2195. A logic error in the code that handles CRAM-MD5 incorrectly specifies the conditions of successful authentication. This error results in a vulnerability that could allow a remote attacker to successfully authenticate as any user on the target system. This vulnerability only affects sites that have explicitly enabled CRAM-MD5 style authentication; it is not enabled in the default configuration of the UW-IMAP server.","impact":"A remote attacker could authenticate as any user on the target system and thereby read and delete email in the authorized user's account.","resolution":"Upgrade or apply a patch Fixed versions of the software have been released to address this issue. Please see the Systems Affected section of this document for more details.","workarounds":"","sysaffected":"","thanks":"Thanks to Mark Crispin and Hugh Sheets of the University of Washington for reporting this vulnerability.","author":"This document was written by Chad R Dougherty.","public":[],"cveids":["CVE-2005-0198"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-01-11T21:47:06Z","publicdate":"2005-01-04T00:00:00Z","datefirstpublished":"2005-01-27T21:07:12Z","dateupdated":"2005-04-28T14:09:47Z","revision":21,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"4","cam_impact":"15","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"6.075","cam_scorecurrentwidelyknown":"10.125","cam_scorecurrentwidelyknownexploited":"16.875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.075,"vulnote":null}