The APOP protocol allows remote malicious users to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x prior to 1.5.0.12 and 2.x prior to 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail prior to 6.3.8, (5) SeaMonkey 1.0.x prior to 1.0.9 and 1.1.x prior to 1.1.2, (6) Balsa 2.3.16 and previous versions, (7) Mailfilter prior to 0.8.2, and possibly other products.
Vulnerable Product |
---|
apop protocol |
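
A client-side hardening check for the issue described above, as an added example that is not code from the original page or from any of the listed products: it validates the server's APOP challenge as a strict message ID before computing the MD5 response. The function names, the regex strictness and the sample greetings are assumptions of this example; since the issue is design-level, the check hardens a client but does not make APOP safe.

```python
import hashlib
import re

# Assumed strictness for this example: a dot-atom msg-id "<local@domain>" made
# only of printable ASCII atom characters (no spaces, control or 8-bit bytes).
_ATOM = rb"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_DOT_ATOM = _ATOM + rb"(?:\." + _ATOM + rb")*"
_MSG_ID = re.compile(rb"<" + _DOT_ATOM + rb"@" + _DOT_ATOM + rb">")


def extract_challenge(greeting: bytes) -> bytes:
    """Return the APOP challenge from a POP3 greeting, or raise ValueError."""
    line = greeting.rstrip(b"\r\n")
    if not line.startswith(b"+OK"):
        raise ValueError("greeting is not +OK")
    start, end = line.find(b"<"), line.rfind(b">")
    if start == -1 or end < start:
        raise ValueError("server offers no APOP challenge")
    challenge = line[start:end + 1]
    if not _MSG_ID.fullmatch(challenge):
        raise ValueError("malformed APOP challenge, refusing to answer")
    return challenge


def apop_command(greeting: bytes, user: str, password: bytes) -> str:
    """Build the APOP command only if the challenge passed validation."""
    challenge = extract_challenge(greeting)
    # RFC 1939: digest = MD5(challenge including angle brackets + shared secret)
    digest = hashlib.md5(challenge + password).hexdigest()
    return f"APOP {user} {digest}"


def is_rejected(greeting: bytes) -> bool:
    try:
        extract_challenge(greeting)
    except ValueError:
        return True
    return False


# Constructed sample greetings: the first is the RFC 1939 example, the second
# carries raw non-ASCII bytes inside the message ID.
GOOD = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>\r\n"
BAD = b"+OK POP3 server ready <1896.\x80\xa7\x00952@dbc.mtview.ca.us>\r\n"

if __name__ == "__main__":
    print(apop_command(GOOD, "mrose", b"tanstaaf"))
    print("crafted greeting rejected:", is_rejected(BAD))
```

A client that rejects the greeting should fall back to an authentication method protected by TLS rather than retrying APOP.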