+++ This bug was initially created as a clone of Bug #235289 +++ A flaw has been found in the way Evolution handles APOP authentication. It is possible for an attacker to discover authentication credentials by sending certain responses to Evolution. The upstream bug has more details: http://bugzilla.gnome.org/show_bug.cgi?id=424373 This flaw should also affect FC5
Fixed in evolution-data-server-1.8.3-5.fc6. Also ported to 1.6.3-3.fc5 and 1.10.1-2.fc7.