University Of Washington IMAP Server CRAM-MD5 Remote Authentication Bypass Vulnerability

A remote authentication bypass vulnerability affects the CRAM-MD5 authentication functionality of the University of Washington IMAP server. This issue is due to a logic error that fails to properly validate authentication attempts.

It should be noted that this issue only affects servers with CRAM-MD5 authentication enabled, which is not the case by default.

A remote attacker may leverage this issue to authenticate to the affected server as any user.


Privacy Statement
Copyright 2010, SecurityFocus