Menu
▾
▴
Re: [fetchmail-devel] Security vulnerability in APOP authentication
|
From: Matthias A. <mat...@gm...> - 2007-03-19 23:40:47
|
Gaëtan LEURENT schrieb: > Matthias Andree wrote on 18 Mar 2007 00:03:55 +0100: > >> How does this work in detail? Recover character by character? Are >> specially-crafted challenges required to provoke weak messages in MD5, >> if there are any? > > Yes, it uses specially-crafted challenges to recover the password > character by character. It is not really a matter of weak messages, but > of pair of colliding messages. BTW, do you have or are you aware of a MITRE CVE Id to track this protocol weakness? Thanks, Matthias |
