CVE-2005-1505

Published May 11, 2005

Last updated 7 years ago

Overview

Description: The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:mail:2.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "55A3D9D4-B203-4C9A-B6D4-FDA2AE5F81A3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References