Authentication Bypass in Postfix on Apple Mac OS X 10.3.6
CVE-2004-1088

Currently unrated

Key Information:

Vendor: Apple
Status: Quicktime Streaming Server; Darwin Streaming Server
Vendor: CVE Published:; 2 December 2004

What is CVE-2004-1088?

The Postfix mail server on Apple Mac OS X 10.3.6 is vulnerable due to a flaw in the CRAM-MD5 authentication mechanism. This vulnerability allows remote attackers to bypass authentication and send email messages without proper credentials by replaying previously captured authentication data. Such unauthorized access can lead to spam propagation and potential misuse of the email server, compromising the integrity of communications.

References

http://www.securityfocus.com/bid/11802

vdb-entryx_refsource_BID

http://secunia.com/advisories/13362/

third-party-advisoryx_refsource_SECUNIA

http://lists.apple.com/archives/security-announce/2004/De...

vendor-advisoryx_refsource_APPLE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2004
Vulnerability Reserved
Nov 30, 2004