Synopsis
The remote host has an application that is affected by an authentication bypass vulnerability.
Description
There is a flaw in the remote UW-IMAP server which allows an authenticated user to log into the server as any user. The flaw is in the CRAM-MD5 authentication scheme.
An attacker, exploiting this flaw, would only need to identify a vulnerable UW-IMAP server which had enabled the CRAM-MD5 authentication scheme. The attacker would then be able to log in as any valid user.
It is important to note that the IMAP daemon will automatically enable CRAM-MD5 if the /etc/cram-md5.pwd file exists.
Solution
Upgrade to the most recent version of UW-IMAP.
In addition, the fact that CRAM-MD5 is enabled indicates that the server is storing the IMAP passwords in plaintext.
Ensure that the /etc/cram-md5.pwd file is mode 0400.
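A local check for the two conditions above, added here as an example and not part of the plugin: whether /etc/cram-md5.pwd exists (which makes the IMAP daemon enable CRAM-MD5) and whether its mode is 0400. The function names and status words are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not part of the Nessus plugin): audit the UW-IMAP
# CRAM-MD5 password file. Function names and status words are illustrative.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# Prints one of:
#   absent               file missing, so it does not auto-enable CRAM-MD5
#   enabled-ok           file present (CRAM-MD5 enabled) with mode 0400
#   enabled-weak:<mode>  file present with any other mode
audit_cram_md5_pwd() {
    pwd_file=${1:-/etc/cram-md5.pwd}
    if [ ! -e "$pwd_file" ]; then
        echo "absent"
        return 0
    fi
    mode=$(file_mode "$pwd_file") || mode=""
    if [ "$mode" = "400" ]; then
        echo "enabled-ok"
    else
        echo "enabled-weak:${mode:-unknown}"
    fi
    return 0
}

# Check the default path, or a path given as the first argument.
audit_cram_md5_pwd "${1:-/etc/cram-md5.pwd}"
```

A result of enabled-ok still means the file holds plaintext IMAP passwords, so the upgrade remains necessary.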
Plugin Details
File Name: uw_imap_crammd5_bypass.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
Excluded KB Items: imap/false_imap
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 1/4/2005