Mandrake Linux Security Advisory : imap (MDKSA-2005:026)
High Nessus Plugin ID 16292
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered in the CRAM-MD5 authentication in UW-IMAP where, on the fourth failed authentication attempt, a user would be able to access the IMAP server regardless. This problem exists only if you are using CRAM-MD5 authentication and have an /etc/cram-md5.pwd file. This is not the default setup.
The updated packages have been patched to prevent these problems.
SolutionUpdate the affected packages.