PT-2003-1935 · Apple · Mail

Published: 2003-10-30 · Updated: 2008-09-05 · CVE-2003-0881

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mac OS X versions prior to 10.3

Description

The issue concerns the Mail application in Mac OS X, which, when configured to use MD5 Challenge Response, falls back to plaintext authentication if the CRAM-MD5 hashed login fails. This could allow remote attackers to gain privileges by sniffing the password.

Recommendations

For versions prior to 10.3, consider updating to version 10.3 or later to resolve the issue. As a temporary workaround, avoid using the MD5 Challenge Response configuration in the Mail application until a patch is available. Restrict access to sensitive networks to minimize the risk of password sniffing.
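
Added example (not part of the original advisory and not Apple's code): a server-side check that flags the fallback described above, a cleartext login issued after a failed CRAM-MD5 exchange on a connection without STARTTLS. It assumes IMAP and a protocol log with "C:"/"S:" prefixes; the transcripts, account name and the function name find_plaintext_fallback are constructed for illustration.

```python
import re

# Constructed IMAP transcripts (C: client, S: server); not captured traffic.
DOWNGRADED = """\
S: * OK IMAP4rev1 ready
C: a1 AUTHENTICATE CRAM-MD5
S: + <base64-challenge-placeholder>
C: <base64-response-placeholder>
S: a1 NO authentication failed
C: a2 LOGIN user@example.test REDACTED
S: a2 OK logged in""".splitlines()
STRICT = DOWNGRADED[:5] + ["C: a2 LOGOUT", "S: a2 OK bye"]

CMD = re.compile(r"^C: (\S+) (AUTHENTICATE|LOGIN|STARTTLS)\b ?(\S*)", re.I)
RESP = re.compile(r"^S: (\S+) (OK|NO|BAD)\b", re.I)

def find_plaintext_fallback(lines):
    """Return (line_no, command) for each cleartext login attempted after a
    failed CRAM-MD5 exchange on a connection that never completed STARTTLS."""
    pending = {}          # tag -> (command, mechanism) awaiting a tagged reply
    cram_failed = tls = False
    findings = []
    for n, line in enumerate(lines, 1):
        m = CMD.match(line)
        if m:
            tag, cmd, arg = m.group(1), m.group(2).upper(), m.group(3).upper()
            pending[tag] = (cmd, arg)
            cleartext = cmd == "LOGIN" or (cmd, arg) in (
                ("AUTHENTICATE", "PLAIN"), ("AUTHENTICATE", "LOGIN"))
            if cleartext and cram_failed and not tls:
                # Report the command only; never copy credentials into findings.
                findings.append((n, "LOGIN" if cmd == "LOGIN" else f"{cmd} {arg}"))
            continue
        m = RESP.match(line)
        if m and m.group(1) in pending:
            cmd, arg = pending.pop(m.group(1))
            ok = m.group(2).upper() == "OK"
            if cmd == "STARTTLS" and ok:
                tls = True
            elif (cmd, arg) == ("AUTHENTICATE", "CRAM-MD5") and not ok:
                cram_failed = True
    return findings

if __name__ == "__main__":
    print(find_plaintext_fallback(DOWNGRADED), find_plaintext_fallback(STRICT))
```

A finding means the client sent its password in the clear after the challenge-response login failed, so that account's password should be treated as exposed on the network path.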

Fix


Related Identifiers

CVE-2003-0881

Affected Products

Mac OS X
Mail