UW-IMAP CRAM-MD5 Remote Authentication Bypass

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by an
authentication bypass vulnerability.

Description :

There is a flaw in the remote UW-IMAP server which allows an
authenticated user to log into the server as any user. The
flaw is in the CRAM-MD5 authentication scheme.

An attacker, exploiting this flaw, would only need to identify
a vulnerable UW-IMAP server which had enabled the CRAM-MD5
authentication scheme. The attacker would then be able to log
in as any valid user.

It is important to note that the IMAP daemon will automatically
enable CRAM-MD5 if the /etc/cram-md5.pwd file exists.

Solution :

Upgrade to the most recent version of UW-IMAP.
In addition, the fact that CRAM-MD5 is enabled indicates that
the server is storing the IMAP passwords in plaintext.
Ensure that the /etc/cram-md5.pwd file is mode 0400.
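
The file check described in the Description and Solution text above, as an added shell example that is not part of the original plugin. It reports whether /etc/cram-md5.pwd exists (which, per the text, turns CRAM-MD5 on) and whether its mode is 0400. The function names and status strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Tenable's plugin code): audit the UW-IMAP CRAM-MD5
# password file on the local host.

# Print the octal permission bits of a file (GNU stat first, BSD stat second).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_cram_md5 [path]
# Prints one status word on stdout (names are this example's own):
#   absent            file missing, so CRAM-MD5 is not auto-enabled
#   enabled-mode-ok   file present with mode 0400
#   enabled-mode-NNN  file present with some other mode NNN
# Human-readable detail goes to stderr.
audit_cram_md5() {
    pwd_file="${1:-/etc/cram-md5.pwd}"

    if [ ! -e "$pwd_file" ]; then
        echo "$pwd_file not found: CRAM-MD5 is not auto-enabled" >&2
        echo "absent"
        return 0
    fi

    # The file exists, so the daemon offers CRAM-MD5 and the file holds
    # plaintext IMAP passwords.
    echo "$pwd_file exists: CRAM-MD5 enabled, plaintext passwords on disk" >&2

    mode=$(file_mode "$pwd_file")
    if [ "$mode" = "400" ]; then
        echo "mode is 0400 as recommended" >&2
        echo "enabled-mode-ok"
    else
        echo "mode is $mode, expected 0400 (fix: chmod 0400 $pwd_file)" >&2
        echo "enabled-mode-$mode"
    fi
}

# Check the default location when run directly.
audit_cram_md5
```

A result other than `absent` means the installed UW-IMAP version still needs to be compared against the fixed release, since file permissions do not address the authentication bypass itself.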

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 16272

Bugtraq ID: 12391

CVE ID: CVE-2005-0198