Lucene search

FreeBSDDC132C91-2B71-11EB-8CFD-4437E6AD11C4

HistoryNov 20, 2020 - 12:00 a.m.

mutt -- authentication credentials being sent over an unencrypted connection

2020-11-2000:00:00

vuxml.freebsd.org

mutt

authentication

unencrypted connection

error handling

imap

tls

unix

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

69.9%

JSON

Kevin J. McCarthy reports:

Mutt had incorrect error handling when initially connecting to an IMAP
server, which could result in an attempt to authenticate without enabling TLS.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmutt< 2.0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	mutt	< 2.0.2	UNKNOWN

References

gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

69.9%

JSON

Related for DC132C91-2B71-11EB-8CFD-4437E6AD11C4