CVE-2020-28896

Published: 20 Nov 2020
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
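An added illustration of the flaw described above, written as a constructed Python model (not Mutt or NeoMutt source): the greeting handler is the point that must stop an invalid initial IMAP response from ever reaching the authentication step, and the $ssl_force_tls policy must be enforced on every path, not only after a well-formed greeting. The function names, sample greeting strings and the modelled STARTTLS step are assumptions of this model.

```python
"""Model of the CVE-2020-28896 failure mode (constructed, not Mutt/NeoMutt code):
an IMAP client must reject an invalid server greeting before it can reach
authentication, and the $ssl_force_tls policy must apply on every code path."""
from typing import Optional

VALID_GREETINGS = ("OK", "PREAUTH", "BYE")

def parse_greeting(line: str) -> Optional[str]:
    """RFC 3501 greeting: an untagged '* OK', '* PREAUTH' or '* BYE' line.
    Returns the status word, or None when the line is not a valid greeting."""
    parts = line.rstrip("\r\n").split(" ", 2)
    if len(parts) < 2 or parts[0] != "*" or parts[1] not in VALID_GREETINGS:
        return None
    return parts[1]

def authenticate(tls_active: bool) -> str:
    """LOGIN is sent over whatever the socket is at this point."""
    return "authenticated:tls" if tls_active else "authenticated:plaintext"

def connect_vulnerable(greeting: str, ssl_force_tls: bool) -> str:
    """Buggy flow: an invalid greeting is only noted as an error. The socket is
    left open, the force-TLS block is skipped, and login still runs in clear."""
    tls_active = False
    status = parse_greeting(greeting)
    if status is not None:
        if status == "BYE":
            return "closed-by-server"
        if status == "PREAUTH":
            return "preauth"
        if ssl_force_tls:
            tls_active = True  # STARTTLS negotiated (modelled as succeeding)
    # status is None reaches here with tls_active still False
    return authenticate(tls_active)

def connect_fixed(greeting: str, ssl_force_tls: bool) -> str:
    """Fixed flow: an invalid greeting (or BYE) closes the connection and
    returns before any policy check or authentication step can run."""
    status = parse_greeting(greeting)
    if status is None or status == "BYE":
        return "aborted"  # connection closed, no credentials sent
    if status == "PREAUTH":
        return "preauth"
    tls_active = ssl_force_tls  # STARTTLS negotiated (modelled as succeeding)
    return authenticate(tls_active)

# Constructed sample greetings: one well-formed, one malformed
GOOD = "* OK IMAP4rev1 server ready\r\n"
BAD = "220 not an imap greeting\r\n"
```

With `ssl_force_tls` set, `connect_vulnerable(BAD, True)` still ends in a plaintext LOGIN, while `connect_fixed(BAD, True)` aborts before any credential is sent.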

Report

Red Hat Product Security has rated the severity of this flaw as Moderate because although the Confidentiality impact is high, the attack complexity is also high as a particular attacker would at least need to coordinate social engineering a victim to connect to a bad server, and also perform a man-in-the-middle attack or perform similar interception of the connection. Please see the following page for details on Red Hat severity ratings with special attention to Moderate: https://access.redhat.com/security/updates/classification.

Affected packages

Platform                     Package  State                 Advisory        Release
Red Hat Enterprise Linux 5   mutt     Out of support scope
Red Hat Enterprise Linux 6   mutt     Out of support scope
Red Hat Enterprise Linux 7   mutt     Out of support scope
Red Hat Enterprise Linux 9   mutt     Not affected
Red Hat Enterprise Linux 8   mutt     Fixed                 RHSA-2021:4181  09.11.2021


Additional information

Status: Moderate
Weakness: CWE-319
https://bugzilla.redhat.com/show_bug.cgi?id=1900826
mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection

EPSS: 0.00288 (percentile 52%, Low)
CVSS3: 5.3 Medium

Related vulnerabilities

ubuntu, CVSS3: 5.3, more than 4 years ago


nvd, CVSS3: 5.3, more than 4 years ago


debian, CVSS3: 5.3, more than 4 years ago
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $s ...

suse-cvrf, more than 4 years ago
Security update for mutt

suse-cvrf, more than 4 years ago
Security update for mutt
