Описание
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sourceforge:putmail:.8:*:*:*:*:*:*:*
cpe:2.3:a:sourceforge:putmail:.9:*:*:*:*:*:*:*
cpe:2.3:a:sourceforge:putmail:.10:*:*:*:*:*:*:*
cpe:2.3:a:sourceforge:putmail:.11:*:*:*:*:*:*:*
cpe:2.3:a:sourceforge:putmail:.12:*:*:*:*:*:*:*
cpe:2.3:a:sourceforge:putmail:1.0:*:*:*:*:*:*:*
cpe:2.3:a:sourceforge:putmail:1.1:*:*:*:*:*:*:*
cpe:2.3:a:sourceforge:putmail:1.2:*:*:*:*:*:*:*
cpe:2.3:a:sourceforge:putmail:1.3:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00309
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.
EPSS
Процентиль: 54%
0.00309
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other