{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3126?format=json","vulnerability_id":"VCID-n6na-y3zc-eqa2","summary":"Gaëtan Leurent informed us of a weakness in APOP\nauthentication that could allow an attacker to recover the first\npart of your mail password if the attacker could interpose\na malicious mail server on your network masquerading as your legitimate\nmail server. With normal settings it could take several hours for\nthe attacker to gather enough data to recover just a few characters\nof the password. This result was presented at the\nFast Software Encryption 2007 conference.In a rump session at the same conference a team from The University of\nElectro-Communications claimed that a variant on the same hash-collision\nattack allowed them to recover a 31 character password.Fixed versions of Thunderbird and SeaMonkey mail prevent this\ntechnique by stricter enforcement of the Message-ID format used\nby APOP.POP mail accounts which do not use any authentication are\ncommon and in the same hypothetical situation the password could\nbe recovered immediately without any special programming on the\nattacker's part.","aliases":[{"alias":"CVE-2007-1558"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6371?format=json","purl":"pkg:deb/debian/balsa@2.3.25-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@2.3.25-1"},{"url":"http://public2.vulnerablecode.io/api/packages/6306?format=json","purl":"pkg:deb/debian/fetchmail@6.3.9~rc2-4%2Blenny2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.9~rc2-4%252Blenny2"},{"url":"http://public2.vulnerablecode.io/api/packages/6466?format=json","purl":"pkg:deb/debian/mailfilter@0.8.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.8.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/4947?format=json","purl":"pkg:deb/debian/mutt@1.5.18-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29an-2kma-fuf4"},{"vulnerability":"VCID-2bm9-4ums-1ydg"},{"vulnerability":"VCID-3uy8-vqh9-r3hh"},{"vulnerability":"VCID-5ctn-49r3-nba2"},{"vulnerability":"VCID-7ta6-tmu9-qkes"},{"vulnerability":"VCID-8qj4-efgv-cfa1"},{"vulnerability":"VCID-9e6v-c62e-rfcm"},{"vulnerability":"VCID-9faq-7ug9-2qfz"},{"vulnerability":"VCID-d3um-x65k-wkcw"},{"vulnerability":"VCID-dhda-7ss4-p7fz"},{"vulnerability":"VCID-f56e-963w-gka8"},{"vulnerability":"VCID-hf2r-ve96-xfeb"},{"vulnerability":"VCID-ka9r-zy4r-kfhn"},{"vulnerability":"VCID-paz7-2kzy-hbb3"},{"vulnerability":"VCID-shkc-6sp1-k3g7"},{"vulnerability":"VCID-v7r1-m3qa-pke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.18-6"},{"url":"http://public2.vulnerablecode.io/api/packages/1260?format=json","purl":"pkg:mozilla/SeaMonkey@1.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/1261?format=json","purl":"pkg:mozilla/SeaMonkey@1.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6365?format=json","purl":"pkg:deb/debian/balsa@0.4.6.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@0.4.6.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/6366?format=json","purl":"pkg:deb/debian/balsa@0.6.0-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@0.6.0-1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/6367?format=json","purl":"pkg:deb/debian/balsa@1.2.4-2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@1.2.4-2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/6368?format=json","purl":"pkg:deb/debian/balsa@2.3.0-2sarge1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@2.3.0-2sarge1"},{"url":"http://public2.vulnerablecode.io/api/packages/6369?format=json","purl":"pkg:deb/debian/balsa@2.3.13-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@2.3.13-2"},{"url":"http://public2.vulnerablecode.io/api/packages/6370?format=json","purl":"pkg:deb/debian/balsa@2.3.13-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@2.3.13-3"},{"url":"http://public2.vulnerablecode.io/api/packages/6299?format=json","purl":"pkg:deb/debian/fetchmail@4.3.9-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@4.3.9-1"},{"url":"http://public2.vulnerablecode.io/api/packages/6300?format=json","purl":"pkg:deb/debian/fetchmail@4.6.4-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@4.6.4-1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/6301?format=json","purl":"pkg:deb/debian/fetchmail@5.3.3-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@5.3.3-3"},{"url":"http://public2.vulnerablecode.io/api/packages/6302?format=json","purl":"pkg:deb/debian/fetchmail@5.9.11-6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@5.9.11-6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/6303?format=json","purl":"pkg:deb/debian/fetchmail@6.2.5-12sarge5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.5-12sarge5"},{"url":"http://public2.vulnerablecode.io/api/packages/6304?format=json","purl":"pkg:deb/debian/fetchmail@6.3.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1"},{"url":"http://public2.vulnerablecode.io/api/packages/6305?format=json","purl":"pkg:deb/debian/fetchmail@6.3.6-1etch3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1etch3"},{"url":"http://public2.vulnerablecode.io/api/packages/6462?format=json","purl":"pkg:deb/debian/mailfilter@0.3.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.3.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/6463?format=json","purl":"pkg:deb/debian/mailfilter@0.6.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.6.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/6464?format=json","purl":"pkg:deb/debian/mailfilter@0.6.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.6.2-3"},{"url":"http://public2.vulnerablecode.io/api/packages/6465?format=json","purl":"pkg:deb/debian/mailfilter@0.8.1-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6na-y3zc-eqa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.8.1-1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/4940?format=json","purl":"pkg:deb/debian/mutt@0.91.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29an-2kma-fuf4"},{"vulnerability":"VCID-2bm9-4ums-1ydg"},{"vulnerability":"VCID-3uy8-vqh9-r3hh"},{"vulnerability":"VCID-5ctn-49r3-nba2"},{"vulnerability":"VCID-7ta6-tmu9-qkes"},{"vulnerability":"VCID-8qj4-efgv-cfa1"},{"vulnerability":"VCID-9e6v-c62e-rfcm"},{"vulnerability":"VCID-9faq-7ug9-2qfz"},{"vulnerability":"VCID-d3um-x65k-wkcw"},{"vulnerability":"VCID-dhda-7ss4-p7fz"},{"vulnerability":"VCID-f56e-963w-gka8"},{"vulnerability":"VCID-hf2r-ve96-xfeb"},{"vulnerability":"VCID-ka9r-zy4r-kfhn"},{"vulnerability":"VCID-n6na-y3zc-eqa2"},{"vulnerability":"VCID-paz7-2kzy-hbb3"},{"vulnerability":"VCID-shkc-6sp1-k3g7"},{"vulnerability":"VCID-v7r1-m3qa-pke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@0.91.2-2"},{"url":"http://public2.vulnerablecode.io/api/packages/4941?format=json","purl":"pkg:deb/debian/mutt@0.95.3-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29an-2kma-fuf4"},{"vulnerability":"VCID-2bm9-4ums-1ydg"},{"vulnerability":"VCID-3uy8-vqh9-r3hh"},{"vulnerability":"VCID-5ctn-49r3-nba2"},{"vulnerability":"VCID-7ta6-tmu9-qkes"},{"vulnerability":"VCID-8qj4-efgv-cfa1"},{"vulnerability":"VCID-9e6v-c62e-rfcm"},{"vulnerability":"VCID-9faq-7ug9-2qfz"},{"vulnerability":"VCID-d3um-x65k-wkcw"},{"vulnerability":"VCID-dhda-7ss4-p7fz"},{"vulnerability":"VCID-f56e-963w-gka8"},{"vulnerability":"VCID-hf2r-ve96-xfeb"},{"vulnerability":"VCID-ka9r-zy4r-kfhn"},{"vulnerability":"VCID-n6na-y3zc-eqa2"},{"vulnerability":"VCID-paz7-2kzy-hbb3"},{"vulnerability":"VCID-shkc-6sp1-k3g7"},{"vulnerability":"VCID-v7r1-m3qa-pke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@0.95.3-0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/4942?format=json","purl":"pkg:deb/debian/mutt@1.2.5-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29an-2kma-fuf4"},{"vulnerability":"VCID-2bm9-4ums-1ydg"},{"vulnerability":"VCID-3uy8-vqh9-r3hh"},{"vulnerability":"VCID-5ctn-49r3-nba2"},{"vulnerability":"VCID-7ta6-tmu9-qkes"},{"vulnerability":"VCID-8qj4-efgv-cfa1"},{"vulnerability":"VCID-9e6v-c62e-rfcm"},{"vulnerability":"VCID-9faq-7ug9-2qfz"},{"vulnerability":"VCID-d3um-x65k-wkcw"},{"vulnerability":"VCID-dhda-7ss4-p7fz"},{"vulnerability":"VCID-f56e-963w-gka8"},{"vulnerability":"VCID-hf2r-ve96-xfeb"},{"vulnerability":"VCID-ka9r-zy4r-kfhn"},{"vulnerability":"VCID-n6na-y3zc-eqa2"},{"vulnerability":"VCID-paz7-2kzy-hbb3"},{"vulnerability":"VCID-shkc-6sp1-k3g7"},{"vulnerability":"VCID-v7r1-m3qa-pke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.2.5-5"},{"url":"http://public2.vulnerablecode.io/api/packages/4943?format=json","purl":"pkg:deb/debian/mutt@1.3.28-2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29an-2kma-fuf4"},{"vulnerability":"VCID-2bm9-4ums-1ydg"},{"vulnerability":"VCID-3uy8-vqh9-r3hh"},{"vulnerability":"VCID-5ctn-49r3-nba2"},{"vulnerability":"VCID-7ta6-tmu9-qkes"},{"vulnerability":"VCID-8qj4-efgv-cfa1"},{"vulnerability":"VCID-9e6v-c62e-rfcm"},{"vulnerability":"VCID-9faq-7ug9-2qfz"},{"vulnerability":"VCID-d3um-x65k-wkcw"},{"vulnerability":"VCID-dhda-7ss4-p7fz"},{"vulnerability":"VCID-f56e-963w-gka8"},{"vulnerability":"VCID-hf2r-ve96-xfeb"},{"vulnerability":"VCID-ka9r-zy4r-kfhn"},{"vulnerability":"VCID-n6na-y3zc-eqa2"},{"vulnerability":"VCID-paz7-2kzy-hbb3"},{"vulnerability":"VCID-shkc-6sp1-k3g7"},{"vulnerability":"VCID-v7r1-m3qa-pke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.3.28-2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/4944?format=json","purl":"pkg:deb/debian/mutt@1.5.9-2sarge2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29an-2kma-fuf4"},{"vulnerability":"VCID-2bm9-4ums-1ydg"},{"vulnerability":"VCID-3uy8-vqh9-r3hh"},{"vulnerability":"VCID-5ctn-49r3-nba2"},{"vulnerability":"VCID-7ta6-tmu9-qkes"},{"vulnerability":"VCID-8qj4-efgv-cfa1"},{"vulnerability":"VCID-9e6v-c62e-rfcm"},{"vulnerability":"VCID-9faq-7ug9-2qfz"},{"vulnerability":"VCID-d3um-x65k-wkcw"},{"vulnerability":"VCID-dhda-7ss4-p7fz"},{"vulnerability":"VCID-f56e-963w-gka8"},{"vulnerability":"VCID-hf2r-ve96-xfeb"},{"vulnerability":"VCID-ka9r-zy4r-kfhn"},{"vulnerability":"VCID-n6na-y3zc-eqa2"},{"vulnerability":"VCID-paz7-2kzy-hbb3"},{"vulnerability":"VCID-shkc-6sp1-k3g7"},{"vulnerability":"VCID-v7r1-m3qa-pke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.9-2sarge2"},{"url":"http://public2.vulnerablecode.io/api/packages/4945?format=json","purl":"pkg:deb/debian/mutt@1.5.13-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29an-2kma-fuf4"},{"vulnerability":"VCID-2bm9-4ums-1ydg"},{"vulnerability":"VCID-3uy8-vqh9-r3hh"},{"vulnerability":"VCID-5ctn-49r3-nba2"},{"vulnerability":"VCID-7ta6-tmu9-qkes"},{"vulnerability":"VCID-8qj4-efgv-cfa1"},{"vulnerability":"VCID-9e6v-c62e-rfcm"},{"vulnerability":"VCID-9faq-7ug9-2qfz"},{"vulnerability":"VCID-d3um-x65k-wkcw"},{"vulnerability":"VCID-dhda-7ss4-p7fz"},{"vulnerability":"VCID-f56e-963w-gka8"},{"vulnerability":"VCID-hf2r-ve96-xfeb"},{"vulnerability":"VCID-ka9r-zy4r-kfhn"},{"vulnerability":"VCID-n6na-y3zc-eqa2"},{"vulnerability":"VCID-paz7-2kzy-hbb3"},{"vulnerability":"VCID-shkc-6sp1-k3g7"},{"vulnerability":"VCID-v7r1-m3qa-pke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.13-1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/4946?format=json","purl":"pkg:deb/debian/mutt@1.5.13-1.1etch1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29an-2kma-fuf4"},{"vulnerability":"VCID-2bm9-4ums-1ydg"},{"vulnerability":"VCID-3uy8-vqh9-r3hh"},{"vulnerability":"VCID-5ctn-49r3-nba2"},{"vulnerability":"VCID-7ta6-tmu9-qkes"},{"vulnerability":"VCID-8qj4-efgv-cfa1"},{"vulnerability":"VCID-9e6v-c62e-rfcm"},{"vulnerability":"VCID-9faq-7ug9-2qfz"},{"vulnerability":"VCID-d3um-x65k-wkcw"},{"vulnerability":"VCID-dhda-7ss4-p7fz"},{"vulnerability":"VCID-f56e-963w-gka8"},{"vulnerability":"VCID-hf2r-ve96-xfeb"},{"vulnerability":"VCID-ka9r-zy4r-kfhn"},{"vulnerability":"VCID-n6na-y3zc-eqa2"},{"vulnerability":"VCID-paz7-2kzy-hbb3"},{"vulnerability":"VCID-shkc-6sp1-k3g7"},{"vulnerability":"VCID-v7r1-m3qa-pke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.13-1.1etch1"}],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558","reference_id":"CVE-2007-1558","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2007-15","reference_id":"mfsa2007-15","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2007-15"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6na-y3zc-eqa2"}