CVE-2007-1558

Published: Apr 16, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

25496 (third-party-advisory, x_refsource_SECUNIA)
25529 (third-party-advisory, x_refsource_SECUNIA)
MDKSA-2007:107 (vendor-advisory, x_refsource_MANDRIVA)
2007-0024 (vendor-advisory, x_refsource_TRUSTIX)
20070403 Re: APOP vulnerability (mailing-list, x_refsource_BUGTRAQ)
25894 (third-party-advisory, x_refsource_SECUNIA)
ADV-2007-1939 (vdb-entry, x_refsource_VUPEN)
26083 (third-party-advisory, x_refsource_SECUNIA)
ADV-2007-1468 (vdb-entry, x_refsource_VUPEN)
RHSA-2009:1140 (vendor-advisory, x_refsource_REDHAT)
HPSBUX02156 (vendor-advisory, x_refsource_HP)
20070531 FLEA-2007-0023-1: firefox (mailing-list, x_refsource_BUGTRAQ)
26415 (third-party-advisory, x_refsource_SECUNIA)
APPLE-SA-2007-05-24 (vendor-advisory, x_refsource_APPLE)
SUSE-SR:2007:014 (vendor-advisory, x_refsource_SUSE)
25402 (third-party-advisory, x_refsource_SECUNIA)
HPSBUX02153 (vendor-advisory, x_refsource_HP)
20070402 APOP vulnerability (mailing-list, x_refsource_BUGTRAQ)
SUSE-SA:2007:036 (vendor-advisory, x_refsource_SUSE)
GLSA-200706-06 (vendor-advisory, x_refsource_GENTOO)
25534 (third-party-advisory, x_refsource_SECUNIA)
ADV-2007-1994 (vdb-entry, x_refsource_VUPEN)
SSA:2007-152-02 (vendor-advisory, x_refsource_SLACKWARE)
23257 (vdb-entry, x_refsource_BID)
USN-469-1 (vendor-advisory, x_refsource_UBUNTU)
MDKSA-2007:131 (vendor-advisory, x_refsource_MANDRIVA)
DSA-1305 (vendor-advisory, x_refsource_DEBIAN)
ADV-2007-1467 (vdb-entry, x_refsource_VUPEN)
ADV-2007-2788 (vdb-entry, x_refsource_VUPEN)
SSRT061236 (vendor-advisory, x_refsource_HP)
25664 (third-party-advisory, x_refsource_SECUNIA)
MDKSA-2007:119 (vendor-advisory, x_refsource_MANDRIVA)
25546 (third-party-advisory, x_refsource_SECUNIA)
RHSA-2007:0353 (vendor-advisory, x_refsource_REDHAT)
RHSA-2007:0385 (vendor-advisory, x_refsource_REDHAT)
25858 (third-party-advisory, x_refsource_SECUNIA)
25798 (third-party-advisory, x_refsource_SECUNIA)
25353 (third-party-advisory, x_refsource_SECUNIA)
ADV-2008-0082 (vdb-entry, x_refsource_VUPEN)
RHSA-2007:0401 (vendor-advisory, x_refsource_REDHAT)
2007-0019 (vendor-advisory, x_refsource_TRUSTIX)
25476 (third-party-advisory, x_refsource_SECUNIA)
35699 (third-party-advisory, x_refsource_SECUNIA)
MDKSA-2007:113 (vendor-advisory, x_refsource_MANDRIVA)
[balsa-list] 20070704 balsa-2.3.17 released (mailing-list, x_refsource_MLIST)
SSRT061181 (vendor-advisory, x_refsource_HP)
MDKSA-2007:105 (vendor-advisory, x_refsource_MANDRIVA)
RHSA-2007:0386 (vendor-advisory, x_refsource_REDHAT)
25750 (third-party-advisory, x_refsource_SECUNIA)
DSA-1300 (vendor-advisory, x_refsource_DEBIAN)
25559 (third-party-advisory, x_refsource_SECUNIA)
ADV-2007-1466 (vdb-entry, x_refsource_VUPEN)
1018008 (vdb-entry, x_refsource_SECTRACK)
oval:org.mitre.oval:def:9782 (vdb-entry, signature, x_refsource_OVAL)
RHSA-2007:0402 (vendor-advisory, x_refsource_REDHAT)
ADV-2007-1480 (vdb-entry, x_refsource_VUPEN)
USN-520-1 (vendor-advisory, x_refsource_UBUNTU)
TA07-151A (third-party-advisory, x_refsource_CERT)
RHSA-2007:0344 (vendor-advisory, x_refsource_REDHAT)
20070620 FLEA-2007-0027-1: thunderbird (mailing-list, x_refsource_BUGTRAQ)
