CVE-2007-1558
Description
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The APOP protocol allows remote attackers to guess the first 3 characters of a password via MITM attacks that use crafted message IDs and MD5 collisions, affecting many email clients.
Vulnerability
The APOP (Authenticated Post Office Protocol) authentication mechanism contains a design flaw that allows remote attackers to guess the first three characters of a user's password. The attack exploits man-in-the-middle (MITM) techniques using crafted message IDs and MD5 collisions. This design-level issue affects all products implementing APOP, including Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, Evolution, mutt, fetchmail before 6.3.8, SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, Balsa 2.3.16 and earlier, Mailfilter before 0.8.2, and possibly others [2][4].
Exploitation
An attacker must be in a position to perform a man-in-the-middle attack on the network connection between the client and the APOP server. The attacker sends crafted message IDs to the client and observes the MD5 hash responses. By leveraging MD5 collision techniques, the attacker can iteratively guess the first three characters of the password. No authentication or user interaction beyond normal email retrieval is required; the attack is passive after initial MITM setup.
Impact
Successful exploitation allows the attacker to recover the first three characters of the user's APOP password. While this is a partial disclosure, it significantly reduces the password entropy and can be combined with other attacks or brute-force to recover the full password. The compromise affects confidentiality of credentials.
Mitigation
The vulnerability is design-level and cannot be fixed by individual patches; however, affected products have released updates to disable or mitigate APOP usage. For example, Red Hat issued RHSA-2007:0402 addressing this issue [4]. Users should upgrade to fixed versions: Thunderbird 1.5.0.12/2.0.0.4, fetchmail 6.3.8, SeaMonkey 1.0.9/1.1.2, and others as listed. Alternatively, switch to more secure authentication methods like CRAM-MD5 or SSL/TLS. No workaround exists if APOP must be used.
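Because the attack depends on the client hashing whatever challenge the network delivers, one defensive measure a client can take is to refuse to compute the APOP digest unless the server's greeting carries a single, well-formed msg-id. The helper below is an added Python example written for this page; it is not code from any of the products listed above, and it does not restore APOP's security, it only narrows the crafted-challenge surface while the page's actual mitigations (upgrade, or move to CRAM-MD5 or TLS) still apply. The msg-id shape follows RFC 1939 section 7 and its worked example (`<1896.697170952@dbc.mtview.ca.us>` with secret `tanstaaf`); the one-msg-id-per-greeting rule and the 128-byte cap are assumptions chosen for this example, and the malformed greetings are constructed.

```python
import hashlib
import re

# Assumed defensive limit for this example; RFC 1939 sets no length bound.
MAX_MSGID_LEN = 128

# RFC 1939 section 7: the APOP timestamp is an RFC 822 msg-id, '<' local '@' domain '>'.
# Nested brackets, extra '@'s and whitespace are rejected by the negated classes.
MSGID_RE = re.compile(r"<[^<>@\s]+@[^<>@\s]+>")

# RFC 1939 section 7 example challenge and shared secret (the only non-constructed input).
RFC_GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
RFC_SECRET = "tanstaaf"

# Constructed malformed challenges of the kind a client should refuse to hash.
CONSTRUCTED_BAD = [
    "+OK ready <1896.697170952dbc.mtview.ca.us>",   # no '@' separator
    "+OK ready <a@b><c@d>",                         # two msg-ids in one greeting
    "+OK ready <a@b\x01c>",                         # control character inside the id
    "+OK ready <" + "x" * 300 + "@host>",           # far beyond the assumed length cap
    "-ERR go away <a@b>",                           # not a +OK greeting at all
]


def extract_apop_timestamp(greeting):
    """Return the msg-id from a POP3 +OK greeting only if it is well formed, else None.

    Strict by design (an assumption of this example): exactly one '<' and one '>'
    in the whole greeting, printable ASCII only, bounded length, RFC 822 msg-id shape.
    """
    if not greeting.startswith("+OK"):
        return None
    if greeting.count("<") != 1 or greeting.count(">") != 1:
        return None
    start, end = greeting.index("<"), greeting.index(">")
    if end < start:
        return None
    candidate = greeting[start:end + 1]
    if len(candidate) > MAX_MSGID_LEN:
        return None
    if not (candidate.isascii() and candidate.isprintable()):
        return None
    if MSGID_RE.fullmatch(candidate) is None:
        return None
    return candidate


def apop_digest(timestamp, password):
    """RFC 1939 APOP digest: lowercase hex MD5 of the timestamp followed by the secret."""
    return hashlib.md5((timestamp + password).encode("utf-8")).hexdigest()


def build_apop_command(user, greeting, password):
    """Return the APOP command line to send, or None when the challenge fails validation.

    Returning None lets the caller fall back to another mechanism instead of
    hashing the password against an attacker-controlled challenge.
    """
    timestamp = extract_apop_timestamp(greeting)
    if timestamp is None:
        return None
    return f"APOP {user} {apop_digest(timestamp, password)}"


if __name__ == "__main__":
    print(build_apop_command("mrose", RFC_GREETING, RFC_SECRET))
    for bad in CONSTRUCTED_BAD:
        print("rejected:", repr(bad[:40]), build_apop_command("mrose", bad, RFC_SECRET))
```

Run as a script it prints the RFC 1939 command line for the genuine challenge and `None` for each constructed one. A caller that receives `None` should not retry with `USER`/`PASS` over a cleartext connection, since that would hand the full password to the same on-path attacker.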
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:apop_protocol:apop_protocol:*:*:*:*:*:*:*:*
- Range: <1.5.0.12 or <2.0.0.4
- Range: <=2.3.16
- OSV coordinates (4 versions): pkg:rpm/opensuse/claws-mail&distro=openSUSE%20Tumbleweed; pkg:rpm/opensuse/fetchmail&distro=openSUSE%20Tumbleweed; pkg:rpm/opensuse/mpop&distro=openSUSE%20Tumbleweed; pkg:rpm/opensuse/mutt&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 4.0.0-2.5
- (no CPE) range: < 6.4.21-2.1
- (no CPE) range: < 1.4.14-1.1
- (no CPE) range: < 2.0.7-2.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.debian.org/security/2007/dsa-1305 [nvd: Patch]
- www.mozilla.org/security/announce/2007/mfsa2007-15.html [nvd: Patch, Vendor Advisory]
- www.securityfocus.com/bid/23257 [nvd: Patch]
- secunia.com/advisories/25402 [nvd: Vendor Advisory]
- secunia.com/advisories/25496 [nvd: Vendor Advisory]
- secunia.com/advisories/25529 [nvd: Vendor Advisory]
- secunia.com/advisories/25546 [nvd: Vendor Advisory]
- www.securityfocus.com/archive/1/464477/30/0/threaded [nvd: Vendor Advisory]
- www.us-cert.gov/cas/techalerts/TA07-151A.html [nvd: US Government Resource]
- patches.sgi.com/support/free/security/advisories/20070602-01-P.asc [nvd]
- balsa.gnome.org/download.html [nvd]
- docs.info.apple.com/article.html [nvd]
- fetchmail.berlios.de/fetchmail-SA-2007-01.txt [nvd]
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp [nvd]
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp [nvd]
- lists.apple.com/archives/security-announce/2007/May/msg00004.html [nvd]
- mail.gnome.org/archives/balsa-list/2007-July/msg00000.html [nvd]
- secunia.com/advisories/25353 [nvd]
- secunia.com/advisories/25476 [nvd]
- secunia.com/advisories/25534 [nvd]
- secunia.com/advisories/25559 [nvd]
- secunia.com/advisories/25664 [nvd]
- secunia.com/advisories/25750 [nvd]
- secunia.com/advisories/25798 [nvd]
- secunia.com/advisories/25858 [nvd]
- secunia.com/advisories/25894 [nvd]
- secunia.com/advisories/26083 [nvd]
- secunia.com/advisories/26415 [nvd]
- secunia.com/advisories/35699 [nvd]
- security.gentoo.org/glsa/glsa-200706-06.xml [nvd]
- slackware.com/security/viewer.php [nvd]
- sourceforge.net/forum/forum.php [nvd]
- sylpheed.sraoss.jp/en/news.html [nvd]
- www.claws-mail.org/news.php [nvd]
- www.debian.org/security/2007/dsa-1300 [nvd]
- www.mandriva.com/security/advisories [nvd]
- www.mandriva.com/security/advisories [nvd]
- www.mandriva.com/security/advisories [nvd]
- www.mandriva.com/security/advisories [nvd]
- www.mandriva.com/security/advisories [nvd]
- www.novell.com/linux/security/advisories/2007_14_sr.html [nvd]
- www.novell.com/linux/security/advisories/2007_36_mozilla.html [nvd]
- www.openwall.com/lists/oss-security/2009/08/15/1 [nvd]
- www.openwall.com/lists/oss-security/2009/08/18/1 [nvd]
- www.redhat.com/support/errata/RHSA-2007-0344.html [nvd]
- www.redhat.com/support/errata/RHSA-2007-0353.html [nvd]
- www.redhat.com/support/errata/RHSA-2007-0385.html [nvd]
- www.redhat.com/support/errata/RHSA-2007-0386.html [nvd]
- www.redhat.com/support/errata/RHSA-2007-0401.html [nvd]
- www.redhat.com/support/errata/RHSA-2007-0402.html [nvd]
- www.redhat.com/support/errata/RHSA-2009-1140.html [nvd]
- www.securityfocus.com/archive/1/464569/100/0/threaded [nvd]
- www.securityfocus.com/archive/1/470172/100/200/threaded [nvd]
- www.securityfocus.com/archive/1/471455/100/0/threaded [nvd]
- www.securityfocus.com/archive/1/471720/100/0/threaded [nvd]
- www.securityfocus.com/archive/1/471842/100/0/threaded [nvd]
- www.securitytracker.com/id [nvd]
- www.trustix.org/errata/2007/0019/ [nvd]
- www.trustix.org/errata/2007/0024/ [nvd]
- www.ubuntu.com/usn/usn-469-1 [nvd]
- www.ubuntu.com/usn/usn-520-1 [nvd]
- www.vupen.com/english/advisories/2007/1466 [nvd]
- www.vupen.com/english/advisories/2007/1467 [nvd]
- www.vupen.com/english/advisories/2007/1468 [nvd]
- www.vupen.com/english/advisories/2007/1480 [nvd]
- www.vupen.com/english/advisories/2007/1939 [nvd]
- www.vupen.com/english/advisories/2007/1994 [nvd]
- www.vupen.com/english/advisories/2007/2788 [nvd]
- www.vupen.com/english/advisories/2008/0082 [nvd]
- issues.rpath.com/browse/RPL-1231 [nvd]
- issues.rpath.com/browse/RPL-1232 [nvd]
- issues.rpath.com/browse/RPL-1424 [nvd]
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782 [nvd]
News mentions
No linked articles in our index yet.