{"id":"AZL-37052","summary":"CVE-2005-0198 affecting package uw-imap 2007f-27","details":"A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.","modified":"2026-04-21T04:28:06.706557Z","published":"2005-05-02T04:00:00Z","upstream":["CVE-2005-0198"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2005-0198"}],"affected":[{"package":{"name":"uw-imap","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/uw-imap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2007f-27"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37052.json"}}],"schema_version":"1.7.5"}