University of Washington Information for VU#702777

UW-imapd fails to properly authenticate users when using CRAM-MD5

Status

Affected

Vendor Statement


This problem is fixed in the January 4, 2005 release version of
imap-2004b, on:
     
ftp://ftp.cac.washington.edu/mail/imap-2004b.tar.Z
The convenience link:
     
ftp://ftp.cac.washington.edu/mail/imap.tar.Z
now points to this version.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.