CVE-2007-5855

Name of the Vulnerable Software and Affected Versions Mail in Apple Mac OS X versions 10.4.11 through 10.5.1

Description The issue allows remote attackers to more easily sniff account activity due to the use of plaintext authentication in Mail, even when MD5 Challenge-Response authentication is available. This occurs when an SMTP account has been set up using Account Assistant.

Recommendations For Mac OS X versions 10.4.11 through 10.5.1, consider disabling the use of plaintext authentication in Mail as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.