CVE-2003-0881 Information

Description

Mail in Mac OS X before 10.3 when configured to use MD5 Challenge Response uses plaintext authentication if the CRAM-MD5 hashed login fails which could allow remote attackers to gain privileges by sniffing the password.

Reference

http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/mhonarc/security-announce/msg00038.html