Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

UW-imapd CRAM-MD5 Authentication Bypass

Medium

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication.

Description

There is a flaw in the remote UW-IMAP server that allows an authenticated user to log into the server as any user. The flaw is in the CRAM-MD5 authentication theme. An attacker exploiting this flaw would only need to identify a vulnerable UW-IMAP server that had enabled the CRAM-MD5 authentication scheme. The attacker would then be able to log in as any valid user. It is important to note that the IMAP daemon will automatically enable CRAM-MD5 if the /etc/cram-md5.pwd file exists.

Solution

Upgrade or patch according to vendor recommendations. In addition, the fact that CRAM-MD5 is enabled indicates that the server is storing the IMAP passwords in plaintext. Ensure that the /etc/cram-md5.pwd file is mode 0400.