UW-imapd CRAM-MD5 Authentication Bypass
Medium Nessus Network Monitor Plugin ID 2568
Synopsis
The remote host is vulnerable to a flaw that allows for the bypassing of authentication.
Description
There is a flaw in the remote UW-IMAP server that allows an authenticated user to log into the server as any user. The flaw is in the CRAM-MD5 authentication scheme. An attacker exploiting this flaw would only need to identify a vulnerable UW-IMAP server that had enabled the CRAM-MD5 authentication scheme. The attacker would then be able to log in as any valid user.
It is important to note that the IMAP daemon will automatically enable CRAM-MD5 if the /etc/cram-md5.pwd file exists.
Solution
Upgrade or patch according to vendor recommendations. In addition, the fact that CRAM-MD5 is enabled indicates that the server is storing the IMAP passwords in plaintext. Ensure that the /etc/cram-md5.pwd file is mode 0400.
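
A local check for the two file conditions described above, added here as an example and not part of the original plugin text: it reports whether /etc/cram-md5.pwd exists (which turns CRAM-MD5 on) and whether its mode is 0400. The function name, the CRAM_PWD_FILE variable and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the file that switches CRAM-MD5 on in UW-IMAP.
# Return codes (chosen for this example, not defined by UW-IMAP or Nessus):
#   0  file absent: the daemon does not auto-enable CRAM-MD5
#   1  file present, mode 0400: CRAM-MD5 enabled, file mode as advised
#   2  file present, other mode: CRAM-MD5 enabled, plaintext passwords
#      readable or writable more widely than advised
#   3  file present but its mode could not be read
check_cram_md5_pwd() {
    f="${1:-/etc/cram-md5.pwd}"

    if [ ! -e "$f" ]; then
        echo "$f: absent, CRAM-MD5 is not auto-enabled"
        return 0
    fi

    # GNU stat first, BSD stat as fallback; both print the octal mode bits.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null)
    if [ -z "$mode" ]; then
        echo "$f: present, but mode could not be determined"
        return 3
    fi

    if [ "$mode" = "400" ]; then
        echo "$f: present (CRAM-MD5 enabled), mode 0400 as advised"
        return 1
    fi

    echo "$f: present (CRAM-MD5 enabled), mode 0$mode, expected 0400"
    return 2
}

# Audit the default path (or the one in CRAM_PWD_FILE) when run directly.
check_cram_md5_pwd "${CRAM_PWD_FILE:-/etc/cram-md5.pwd}" || true
```

A return code of 1 or 2 means CRAM-MD5 is enabled on the host, so the upgrade or patch in the Solution still applies regardless of the file mode.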