CVE-2005-1505
First published: Wed May 11 2005(Updated: )
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mail | =2.0 | |
| Apple Mail | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-1505?
CVE-2005-1505 is considered a medium severity vulnerability due to the potential exposure of user credentials.
How do I fix CVE-2005-1505?
To fix CVE-2005-1505, ensure that SSL is enabled for IMAP credentials before sending your password.
What types of systems are affected by CVE-2005-1505?
CVE-2005-1505 affects Apple Mail 2.0 on Mac OS 10.4 when configuring IMAP mail accounts.
What kind of data is compromised in CVE-2005-1505?
CVE-2005-1505 allows passwords to be sent in plaintext, which could be intercepted by attackers.
Is CVE-2005-1505 still relevant today?
CVE-2005-1505 is less relevant today due to advances in email security protocols, but users should still be aware of legacy systems that may not be updated.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/author
- agent/description
- agent/event
- agent/source
- vendor/apple
- canonical/apple mail
- version/apple mail/2.0