CVE-2004-0925 | Vulnerability Database | Aqua Security

Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.3 (including)	10.3 (including)
Mac_os_x	Apple	10.3.1 (including)	10.3.1 (including)
Mac_os_x	Apple	10.3.2 (including)	10.3.2 (including)
Mac_os_x	Apple	10.3.3 (including)	10.3.3 (including)
Mac_os_x	Apple	10.3.4 (including)	10.3.4 (including)
Mac_os_x	Apple	10.3.5 (including)	10.3.5 (including)
Mac_os_x_server	Apple	10.3 (including)	10.3 (including)
Mac_os_x_server	Apple	10.3.1 (including)	10.3.1 (including)
Mac_os_x_server	Apple	10.3.2 (including)	10.3.2 (including)
Mac_os_x_server	Apple	10.3.3 (including)	10.3.3 (including)
Mac_os_x_server	Apple	10.3.4 (including)	10.3.4 (including)
Mac_os_x_server	Apple	10.3.5 (including)	10.3.5 (including)

References

http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html
http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0925
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html