CVE-2007-1558

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

CVSS v2.0 2.6

2.6^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 4.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References

Link	Resource
http://www.securityfocus.com/archive/1/464477/30/0/threaded	Vendor Advisory
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
http://sourceforge.net/forum/forum.php?forum_id=683706
http://sylpheed.sraoss.jp/en/news.html
http://www.claws-mail.org/news.php
http://www.securityfocus.com/bid/23257	Patch
http://www.redhat.com/support/errata/RHSA-2007-0353.html
http://www.securitytracker.com/id?1018008
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
http://www.mozilla.org/security/announce/2007/mfsa2007-15.html	Patch Vendor Advisory
https://issues.rpath.com/browse/RPL-1424
https://issues.rpath.com/browse/RPL-1232
https://issues.rpath.com/browse/RPL-1231
http://balsa.gnome.org/download.html
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1305	Patch
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://www.redhat.com/support/errata/RHSA-2007-0344.html
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.redhat.com/support/errata/RHSA-2007-0385.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-469-1
http://www.ubuntu.com/usn/usn-520-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html	US Government Resource
http://secunia.com/advisories/25353
http://secunia.com/advisories/25402	Vendor Advisory
http://secunia.com/advisories/25476
http://secunia.com/advisories/25529	Vendor Advisory
http://secunia.com/advisories/25546	Vendor Advisory
http://secunia.com/advisories/25496	Vendor Advisory
http://secunia.com/advisories/25559
http://secunia.com/advisories/25534
http://secunia.com/advisories/25664
http://secunia.com/advisories/25750
http://secunia.com/advisories/25798
http://secunia.com/advisories/25894
http://secunia.com/advisories/26083
http://secunia.com/advisories/26415
http://secunia.com/advisories/25858
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://secunia.com/advisories/35699
http://www.openwall.com/lists/oss-security/2009/08/18/1
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://www.vupen.com/english/advisories/2007/1466
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/1467
http://www.vupen.com/english/advisories/2007/2788
http://www.vupen.com/english/advisories/2008/0082
http://www.vupen.com/english/advisories/2007/1994
http://www.vupen.com/english/advisories/2007/1480
http://www.vupen.com/english/advisories/2007/1468
http://docs.info.apple.com/article.html?artnum=305530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
http://www.securityfocus.com/archive/1/471842/100/0/threaded
http://www.securityfocus.com/archive/1/471720/100/0/threaded
http://www.securityfocus.com/archive/1/471455/100/0/threaded
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.securityfocus.com/archive/1/464569/100/0/threaded

Configurations

Configuration 1

cpe:2.3:a:apop_protocol:apop_protocol:*:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2007-04-16 10:19

Updated : 2018-10-16 04:39

NVD link : CVE-2007-1558

Mitre link : CVE-2007-1558

Products Affected

No products.

CWE

NVD-CWE-Other