CVE-2005-0198
Title: University of Washington IMAP server CRAM-MD5 authentication bypass
Authentication Bypass
Proof Of Concept
No public PoC currently indexed for CVE-2005-0198.
CWE Category
NVD-CWE-noinfo
Published Date
May 02, 2005
Modified Date
Apr 03, 2025
Exploit Status
Not Found
Score
7.5
CVSS v2.0
Exploit Probability (EPSS)
26.66%
Vulnerability Summary
CVE-2005-0198: Because of a logic error in its CRAM-MD5 code, the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.
Impacted Vendors
Reference Links
http://secunia.com/advisories/14057
http://secunia.com/advisories/14097
http://securitytracker.com/id?1013037
http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
http://www.kb.cert.org/vuls/id/702777
http://www.kb.cert.org/vuls/id/CRDY-68QSL5
http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
http://www.redhat.com/support/errata/RHSA-2005-128.html
http://www.securityfocus.com/bid/12391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
7.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:L/Au:N/C:P/I:P/A:P
Associated Attack Patterns (CAPEC)
No specific attack patterns mapped.
CVE-2005-0198 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Stack
No specific products linked.