|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Misc. >> UW-IMAP CRAM-MD5 Remote Authentication Bypass Vulnerability Vulnerability Assessment Details
|
UW-IMAP CRAM-MD5 Remote Authentication Bypass Vulnerability |
||
Checks the version of UW-IMAP Detailed Explanation for this Vulnerability Assessment There is a flaw in the remote UW-IMAP server which permits an authenticated user to log into the server as any user. The flaw is in the CRAM-MD5 authentication theme. A possible hacker, exploiting this flaw, would only need to identify a vulnerable UW-IMAP server which had enabled the CRAM-MD5 authentication scheme. The attacker would then be able to log in as any valid user. It is important to note that the IMAP daemon will automatically enable CRAM-MD5 if the /etc/cram-md5.pwd file exists. Solution : Upgrade to the most recent version of UW-IMAP. In addition, the fact that CRAM-MD5 is enabled indicates that the server is storing the IMAP passwords in plaintext. Ensure that the /etc/cram-md5.pwd file is mode 0400. Network Security Threat Level: High Networks Security ID: 12391 Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security |
||
Cables, Connectors |
Cisco Systems NCS2K-20-SMRFS-L optical multiplexor CISCO EXCESS
$3599.00
Cisco SG110 24 Port Gigabit Ethernet Switch w/ 2 x SFP SG110-24
$117.00
Cisco RV160 VPN Router 4 Gigabit Ethernet Ports RV160-K9-AR
$80.00
Cisco ASA5525-FTD-K9 Security Appliance with FirePower Services
$1000.00
Cisco WS-C3850-48P-L 48-Port Gigabit 3850 PoE Switch w/ 715W+ C3850-NM-4-1G Mod
$83.00
Cisco Catalyst WS-C2960-48TT-L V02 48 Port Fast Ethernet Switch
$34.00
Cisco C3850-NM-2-10G 2 Port Network Exp.Module for 3850
$38.99
Cisco WS-C4948-10GE-S 4948-10GE 48 Port Gigabit +10GB Switch w single AC 15.0 OS
$99.99
NEW SEALED Cisco C9300L-STACK-KIT
$479.99
Cisco WS-C3850-48P-L 48-Port Gigabit 3850 PoE Switch w/ 715W Network Switch
$41.58
|
||
No Discussions have been posted on this vulnerability. |