PT-2002-3038 · Apple · Mail.App

Published

2002-12-31

Updated

2008-09-05

CVE-2002-2326

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mail.app versions 10.0 through 10.0.4 Mail.app versions 10.1 through 10.1.5

Description The default configuration of Mail.app sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.

Recommendations For Mail.app versions 10.0 through 10.0.4, update the configuration to encrypt authentication credentials. For Mail.app versions 10.1 through 10.1.5, update the configuration to encrypt authentication credentials.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2002-2326

Affected Products

Mail.App

PT-2002-3038 · Apple · Mail.App

CVE-2002-2326

Weakness Enumeration

Related Identifiers

Affected Products

References · 5