diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2007-03-21 09:40:59 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2007-03-21 09:40:59 +0000 |
commit | e75ef8f8b5480be6ef8fcc84214228860bb48752 (patch) | |
tree | be7097972587ab4e62050170fcbe52fc41daef1e | |
parent | 62e40d9925446e5bbda7e3a3627b48be5dc83a61 (diff) | |
download | fetchmail-e75ef8f8b5480be6ef8fcc84214228860bb48752.tar.gz fetchmail-e75ef8f8b5480be6ef8fcc84214228860bb48752.tar.bz2 fetchmail-e75ef8f8b5480be6ef8fcc84214228860bb48752.zip |
Add CVE-2007-1558 to APOP attack.
svn path=/branches/BRANCH_6-3/; revision=5064
-rw-r--r-- | NEWS | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -48,6 +48,7 @@ fetchmail 6.3.8 (not yet released): * Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult. + (CVE-2007-1558) APOP is claimed insecure by Gaƫtan Leurent for MITM scenarios for typical setups: based on MD5 collisions, it is purportedly possible to recover the |