Описание
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.4 (включая)
Одно из
cpe:2.3:a:trojita_project:trojita:*:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.1:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.2:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.2.9:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.2.9.2:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.2.9.3:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.2.9.4:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.3:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.3.90:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.3.91:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.3.92:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.3.93:*:*:*:*:*:*:*
cpe:2.3:a:trojita_project:trojita:0.3.96:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00255
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.
EPSS
Процентиль: 49%
0.00255
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200