University of Washington Information for VU#702777

UW-imapd fails to properly authenticate users when using CRAM-MD5



Vendor Statement

This problem is fixed in the January 4, 2005 release version of
imap-2004b, on:
The convenience link:
now points to this version.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.