Red Hat Bugzilla – Bug 237293
CVE-2007-1558: claws-mail APOP vulnerability
Last modified: 2007-11-30 17:12:02 EST
"The APOP protocol allows remote attackers to guess the first 3 characters of a
password via man-in-the-middle (MITM) attacks that use crafted message IDs and
MD5 collisions. NOTE: this design-level issue potentially affects all products
that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4)
According to upstream, fixed in 2.9.1.
Thanks for reporting. Fixed and pushed.
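Added example, not part of this bug report and not claws-mail's code: because the attack quoted above depends on crafted message IDs in the server greeting, one client-side check is to refuse any APOP challenge that is not a plain printable-ASCII msg-id before hashing the password with it. The function names and the crafted greeting are assumptions made for this sketch, and the page does not say what 2.9.1 changed. The valid greeting and credentials are the sample from RFC 1939.

```python
import hashlib
import re

# Printable ASCII except "<", ">" and "@"; no spaces, controls or 8-bit bytes.
# Deliberately stricter than the full RFC 822 msg-id grammar.
_ATOM = rb"[\x21-\x3b\x3d\x3f\x41-\x7e]+"
_MSG_ID = re.compile(rb"<" + _ATOM + rb"@" + _ATOM + rb">")


def extract_challenge(greeting: bytes) -> bytes:
    """Return the <...> challenge from a POP3 greeting, or raise ValueError."""
    line = greeting.rstrip(b"\r\n")
    if not line.startswith(b"+OK"):
        raise ValueError("not a positive POP3 greeting")
    start, end = line.find(b"<"), line.rfind(b">")
    if start < 0 or end < start:
        raise ValueError("greeting carries no APOP challenge")
    challenge = line[start:end + 1]
    if not _MSG_ID.fullmatch(challenge):
        # Binary or malformed challenge: do not compute a digest over it.
        raise ValueError("APOP challenge is not a plain ASCII msg-id")
    return challenge


def apop_command(user: str, password: str, greeting: bytes) -> str:
    """Build the APOP command: digest = MD5(challenge || password), hex."""
    challenge = extract_challenge(greeting)
    digest = hashlib.md5(challenge + password.encode("utf-8")).hexdigest()
    return f"APOP {user} {digest}"


# Sample greeting from RFC 1939, and a constructed greeting with raw bytes.
RFC1939_GREETING = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>\r\n"
CRAFTED_GREETING = b"+OK ready <1896.\x80\x00\x9f@example.invalid>\r\n"

if __name__ == "__main__":
    print(apop_command("mrose", "tanstaaf", RFC1939_GREETING))
    try:
        apop_command("mrose", "tanstaaf", CRAFTED_GREETING)
    except ValueError as exc:
        print("refused:", exc)
```

The check only narrows what a server can make the client hash. The CVE text calls this a design-level issue, so APOP still sends an MD5 digest derived from the password.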