
CVE-2007-1558
Date: (C)2007-04-16   (M)2023-12-22


The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1018008
2007-0019
2007-0024
http://www.securityfocus.com/archive/1/464477/30/0/threaded
http://www.securityfocus.com/archive/1/464569/100/0/threaded
http://www.securityfocus.com/archive/1/470172/100/200/threaded
20070602-01-P
http://www.securityfocus.com/archive/1/471455/100/0/threaded
http://www.securityfocus.com/archive/1/471720/100/0/threaded
http://www.securityfocus.com/archive/1/471842/100/0/threaded
BID-23257
SECUNIA-25353
SECUNIA-25402
SECUNIA-25476
SECUNIA-25496
SECUNIA-25529
SECUNIA-25534
SECUNIA-25546
SECUNIA-25559
SECUNIA-25664
SECUNIA-25750
SECUNIA-25798
SECUNIA-25858
SECUNIA-25894
SECUNIA-26083
SECUNIA-26415
SECUNIA-35699
ADV-2007-1466
ADV-2007-1467
ADV-2007-1468
ADV-2007-1480
ADV-2007-1939
ADV-2007-1994
ADV-2007-2788
ADV-2008-0082
APPLE-SA-2007-05-24
DSA-1300
DSA-1305
GLSA-200706-06
HPSBUX02153
HPSBUX02156
MDKSA-2007:105
MDKSA-2007:107
MDKSA-2007:113
MDKSA-2007:119
MDKSA-2007:131
RHSA-2007:0344
RHSA-2007:0353
RHSA-2007:0385
RHSA-2007:0386
RHSA-2007:0401
RHSA-2007:0402
RHSA-2009:1140
SSA:2007-152-02
SUSE-SA:2007:036
SUSE-SR:2007:014
TA07-151A
USN-469-1
USN-520-1
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://www.openwall.com/lists/oss-security/2009/08/18/1
http://balsa.gnome.org/download.html
http://docs.info.apple.com/article.html?artnum=305530
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
http://sourceforge.net/forum/forum.php?forum_id=683706
http://sylpheed.sraoss.jp/en/news.html
http://www.claws-mail.org/news.php
http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
https://issues.rpath.com/browse/RPL-1231
https://issues.rpath.com/browse/RPL-1232
https://issues.rpath.com/browse/RPL-1424
oval:org.mitre.oval:def:9782

OVAL    3
oval:org.secpod.oval:def:202197
oval:org.secpod.oval:def:202022
oval:org.secpod.oval:def:500542

© SecPod Technologies