Rapid7 Vulnerability & Exploit Database

MFSA2007-15 SeaMonkey: Security Vulnerability in APOP Authentication (CVE-2007-1558)

Back to Search

MFSA2007-15 SeaMonkey: Security Vulnerability in APOP Authentication (CVE-2007-1558)

Severity
3
CVSS
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published
04/16/2007
Created
07/25/2018
Added
02/03/2012
Modified
02/13/2015

Description

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Solution(s)

  • mozilla-seamonkey-upgrade-1_0_9
  • mozilla-seamonkey-upgrade-1_1_2

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;