PT-2007-6815 · Apple · Mail+1

Published

2007-12-19

Updated

2017-07-29

CVE-2007-5855

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mail in Apple Mac OS X versions 10.4.11 through 10.5.1

Description The issue allows remote attackers to more easily sniff account activity due to the use of plaintext authentication in Mail, even when MD5 Challenge-Response authentication is available. This occurs when an SMTP account has been set up using Account Assistant.

Recommendations For Mac OS X versions 10.4.11 through 10.5.1, consider disabling the use of plaintext authentication in Mail as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2007-5855

Affected Products

Macos X

Mail

PT-2007-6815 · Apple · Mail+1

CVE-2007-5855

Weakness Enumeration

Related Identifiers

Affected Products

References · 9