Markus Wörle

**Name of the Vulnerable Software and Affected Versions** Mail.app version 2.0 in Mac OS 10.4 **Description** The issue concerns the new account wizard in Mail.app. When configuring an IMAP mail account and checking the credentials, it does not prompt the user to use SSL until after the password has already been sent. This results in the password being sent in plaintext. **Recommendations** For Mail.app version 2.0 in Mac OS 10.4, consider configuring the IMAP account manually to ensure SSL is used from the start, thus preventing the password from being sent in plaintext. As a temporary workaround, avoid using the new account wizard for IMAP configurations until a fix is available.