1. Home
  2. Vulnerabilities
  3. CVE-2007-1558

CVE-2007-1558

CVSS v2.0 2.6 (Low)
26% Progress
EPSS 8.84 % (95th)
8.84% Progress
Affected Products 1
Advisories 17
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2007-04-16 22:19:00
(17 years ago)
Updated Date
2018-10-16 16:39:13
(6 years ago)

Affected Products

Apop Protocol

Configuration #1

    CPE23 From Up To
  Apop Protocol cpe:2.3:a:apop_protocol:apop_protocol