CVE-2004-0925

Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.

Published: Jan 27, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-0925
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / mac_os_x_server	10.3.2	10.3.2.x
apple / mac_os_x_server	10.3.5	10.3.5.x
apple / mac_os_x	10.3.1	10.3.1.x
apple / mac_os_x	10.3.5	10.3.5.x
apple / mac_os_x_server	10.3.3	10.3.3.x
apple / mac_os_x_server	10.3.4	10.3.4.x
apple / mac_os_x	10.3.2	10.3.2.x
apple / mac_os_x_server	10.3	10.3.x
apple / mac_os_x_server	10.3.1	10.3.1.x
apple / mac_os_x	10.3.4	10.3.4.x
apple / mac_os_x	10.3.3	10.3.3.x
apple / mac_os_x	10.3	10.3.x

http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html

Vulnerability Database

289,782

CVE-2004-0925