A security vulnerability has been discovered in the APOP protocol that is related to the recent collision attacks by Wang and al. against MD5. Using the man in the middle setting, one can recover the first characters of the password with a few hundred authentications from the client.
1fccafc2839ce661bb7e5f89bcf320907774aa2b78dffb56ed7fbb10b9eeb375