icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

UW-imapd CRAM-MD5 Authentication Bypass

Medium

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication.

Description

There is a flaw in the remote UW-IMAP server that allows an authenticated user to log into the server as any user. The flaw is in the CRAM-MD5 authentication theme. An attacker exploiting this flaw would only need to identify a vulnerable UW-IMAP server that had enabled the CRAM-MD5 authentication scheme. The attacker would then be able to log in as any valid user. It is important to note that the IMAP daemon will automatically enable CRAM-MD5 if the /etc/cram-md5.pwd file exists.

Solution

Upgrade or patch according to vendor recommendations. In addition, the fact that CRAM-MD5 is enabled indicates that the server is storing the IMAP passwords in plaintext. Ensure that the /etc/cram-md5.pwd file is mode 0400.