CVE-2004-1088
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
Date published : 2005-04-14
http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html