New Search

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4 (2) Evolution (3) mutt (4) fetchmail before 6.3.8 (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2 (6) Balsa 2.3.16 and earlier (7) Mailfilter before 0.8.2 and possibly other products.

oval:org.mitre.oval:def:9782

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4 (2) Evolution (3) mutt (4) fetchmail before 6.3.8 (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2 (6) Balsa 2.3.16 and earlier (7) Mailfilter before 0.8.2 and possibly other products.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • CentOS Linux 3
  • Oracle Linux 4
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 3
  • Oracle Linux 5
  • CentOS Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2007-1558
Product(s):