Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2007-1558

Published: 16/04/2007 Updated: 16/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Apop Protocol

Vulnerability Summary

The APOP protocol allows remote malicious users to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x prior to 1.5.0.12 and 2.x prior to 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail prior to 6.3.8, (5) SeaMonkey 1.0.x prior to 1.0.9 and 1.1.x prior to 1.1.2, (6) Balsa 2.3.16 and previous versions, (7) Mailfilter prior to 0.8.2, and possibly other products.

Vulnerable Product Search on Vulmon Subscribe to Product

apop protocol apop protocol

Vendor Advisories

Red Hat: Moderate: ruby security update
Synopsis Moderate: ruby security update Type/Severity Security Advisory: Moderate Topic Updated ruby packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 4 and 5This update has been rated as having moderate security impact by the RedHat Security Response Team D ...
Ubuntu Security Notice: mozilla-thunderbird vulnerabilities
Gaëtan Leurent showed a weakness in APOP authentication An attacker posing as a trusted server could recover portions of the user’s password via multiple authentication attempts (CVE-2007-1558) ...
Ubuntu Security Notice: fetchmail vulnerabilities
Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user’s authentication credentials (CVE-2007-1558) ...
Debian Security Advisories: DSA-1300-1 iceape -- several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1362 Nicolas Derouet discovered that Iceape performs insufficient validation of cookies, which could lead to den ...
Debian Security Advisories: DSA-1305-1 icedove -- several vulnerabilities
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1558 Gatan Leurent discovered a cryptographical weakness in APOP authentication, which reduces the required efforts for ...
Mozilla: Security Vulnerability in APOP Authentication
Mozilla Foundation Security Advisory 2007-15 Security Vulnerability in APOP Authentication Announced May 30, 2007 Reporter Gaëtan Leurent Impact Moderate Products SeaMonkey, Thunderbird Fixed in ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/archive/1/464477/30/0/threadedhttp://fetchmail.berlios.de/fetchmail-SA-2007-01.txthttp://sourceforge.net/forum/forum.php?forum_id=683706http://sylpheed.sraoss.jp/en/news.htmlhttp://www.claws-mail.org/news.phphttp://www.securityfocus.com/bid/23257http://www.redhat.com/support/errata/RHSA-2007-0353.htmlhttp://www.securitytracker.com/id?1018008http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.htmlhttp://www.mozilla.org/security/announce/2007/mfsa2007-15.htmlhttps://issues.rpath.com/browse/RPL-1424https://issues.rpath.com/browse/RPL-1232https://issues.rpath.com/browse/RPL-1231http://balsa.gnome.org/download.htmlhttp://lists.apple.com/archives/security-announce/2007/May/msg00004.htmlhttp://www.debian.org/security/2007/dsa-1300http://www.debian.org/security/2007/dsa-1305http://security.gentoo.org/glsa/glsa-200706-06.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:105http://www.mandriva.com/security/advisories?name=MDKSA-2007:107http://www.mandriva.com/security/advisories?name=MDKSA-2007:113http://www.mandriva.com/security/advisories?name=MDKSA-2007:119http://www.mandriva.com/security/advisories?name=MDKSA-2007:131http://www.redhat.com/support/errata/RHSA-2007-0344.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0386.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0385.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0401.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0402.htmlftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.aschttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857http://www.novell.com/linux/security/advisories/2007_36_mozilla.htmlhttp://www.novell.com/linux/security/advisories/2007_14_sr.htmlhttp://www.trustix.org/errata/2007/0019/http://www.trustix.org/errata/2007/0024/http://www.ubuntu.com/usn/usn-469-1http://www.ubuntu.com/usn/usn-520-1http://www.us-cert.gov/cas/techalerts/TA07-151A.htmlhttp://secunia.com/advisories/25353http://secunia.com/advisories/25402http://secunia.com/advisories/25476http://secunia.com/advisories/25529http://secunia.com/advisories/25546http://secunia.com/advisories/25496http://secunia.com/advisories/25559http://secunia.com/advisories/25534http://secunia.com/advisories/25664http://secunia.com/advisories/25750http://secunia.com/advisories/25798http://secunia.com/advisories/25894http://secunia.com/advisories/26083http://secunia.com/advisories/26415http://secunia.com/advisories/25858http://www.redhat.com/support/errata/RHSA-2009-1140.htmlhttp://secunia.com/advisories/35699http://www.openwall.com/lists/oss-security/2009/08/18/1http://www.openwall.com/lists/oss-security/2009/08/15/1http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579http://www.vupen.com/english/advisories/2007/1466http://www.vupen.com/english/advisories/2007/1939http://www.vupen.com/english/advisories/2007/1467http://www.vupen.com/english/advisories/2007/2788http://www.vupen.com/english/advisories/2008/0082http://www.vupen.com/english/advisories/2007/1994http://www.vupen.com/english/advisories/2007/1480http://www.vupen.com/english/advisories/2007/1468http://docs.info.apple.com/article.html?artnum=305530https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782http://www.securityfocus.com/archive/1/471842/100/0/threadedhttp://www.securityfocus.com/archive/1/471720/100/0/threadedhttp://www.securityfocus.com/archive/1/471455/100/0/threadedhttp://www.securityfocus.com/archive/1/470172/100/200/threadedhttp://www.securityfocus.com/archive/1/464569/100/0/threadedhttps://access.redhat.com/errata/RHSA-2009:1140https://nvd.nist.govhttps://usn.ubuntu.com/469-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook