UW-IMAP CRAM-MD5 Remote Authentication Bypass

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected by an
authentication bypass vulnerability.

Description :

There is a flaw in the remote UW-IMAP server which allows an
authenticated user to log into the server as any user. The
flaw is in the CRAM-MD5 authentication scheme.

An attacker, exploiting this flaw, would only need to identify
a vulnerable UW-IMAP server which had enabled the CRAM-MD5
authentication scheme. The attacker would then be able to log
in as any valid user.

It is important to note that the IMAP daemon will automatically
enable CRAM-MD5 if the /etc/cram-md5.pwd file exists.

Solution :

Upgrade to the most recent version of UW-IMAP.
In addition, the fact that CRAM-MD5 is enabled indicates that
the server is storing the IMAP passwords in plaintext.
Ensure that the /etc/cram-md5.pwd file is mode 0400.
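
The file check described above, as an added example that is not part of the Nessus plugin or of UW-IMAP. The function name and its return codes are this example's own convention; only the path and the 0400 mode come from the text.

```shell
#!/bin/sh
# Added example: audit the CRAM-MD5 password file named in the advisory.
# Return codes (assumed convention, not from the plugin):
#   0 = file absent, so the daemon does not auto-enable CRAM-MD5
#   1 = file present with mode 0400 (CRAM-MD5 on, plaintext passwords stored)
#   2 = file present with any other mode (fix with chmod 0400)
audit_cram_md5_pwd() {
    pwd_file="${1:-/etc/cram-md5.pwd}"

    if [ ! -e "$pwd_file" ]; then
        echo "OK: $pwd_file absent; CRAM-MD5 is not auto-enabled"
        return 0
    fi

    # GNU stat first, BSD stat as a fallback; both print the octal mode.
    mode=$(stat -c '%a' "$pwd_file" 2>/dev/null || stat -f '%Lp' "$pwd_file")

    if [ "$mode" = "400" ]; then
        echo "WARN: $pwd_file present (mode 0400); CRAM-MD5 is enabled and" \
             "passwords are stored in plaintext; confirm UW-IMAP is upgraded"
        return 1
    fi

    echo "FAIL: $pwd_file present with mode $mode; expected 0400"
    return 2
}

# Audit the path given as $1, or the default path from the advisory.
audit_cram_md5_pwd "${1:-/etc/cram-md5.pwd}" || true
```

A result of 1 or 2 means CRAM-MD5 is enabled on the host, so the installed UW-IMAP version still has to be checked against the fix.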

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 16272

Bugtraq ID: 12391

CVE ID: CVE-2005-0198
