CVE-2005-0198 - OpenCVE

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
University Of Washington	Uw-imap

Configuration 1 [-]

cpe:2.3:a:university_of_washington:uw-imap:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/14057
http://secunia.com/advisories/14097
http://securitytracker.com/id?1013037
http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml	Patch
http://www.kb.cert.org/vuls/id/702777	Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/CRDY-68QSL5	Patch US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
http://www.redhat.com/support/errata/RHSA-2005-128.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/12391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-06T05:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2005-01-31T00:00:00

Link: CVE-2005-0198

JSON object: View

NVD Information

Status : Modified

Published: 2005-05-02T04:00:00.000

Modified: 2017-10-11T01:29:53.310

Link: CVE-2005-0198

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:11306", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"}, {"name": "RHSA-2005:128", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"}, {"name": "GLSA-200502-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"}, {"name": "MDKSA-2005:026", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"}, {"name": "14097", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/14097"}, {"name": "1013037", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1013037"}, {"name": "VU#702777", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/702777"}, {"name": "14057", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/14057"}, {"name": "12391", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12391"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0198", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:11306", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"}, {"name": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"}, {"name": "RHSA-2005:128", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"}, {"name": "GLSA-200502-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"}, {"name": "MDKSA-2005:026", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"}, {"name": "14097", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14097"}, {"name": "1013037", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013037"}, {"name": "VU#702777", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/702777"}, {"name": "14057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14057"}, {"name": "12391", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12391"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0198", "datePublished": "2005-02-06T05:00:00", "dateReserved": "2005-01-31T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:university_of_washington:uw-imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "B695CCC4-D8B4-42CA-BA5C-28262FFAAD9C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users."}], "id": "CVE-2005-0198", "lastModified": "2017-10-11T01:29:53.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/14057"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/14097"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013037"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/702777"}, {"source": "cve@mitre.org", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/12391"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}