Lucene search
Veracode Vulnerability DatabaseVERACODE:28074HistoryDec 06, 2020 - 2:18 a.m.
Man-in-the-Middle (MitM)
2020-12-0602:18:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
22
man-in-the-middle
mitm
vulnerability
mail client
imap server
ssl
EPSS
0.003
Percentile
69.9%
mutt is vulnerable to man-in-the-middle (MitM). The vulnerability exists as the connection would not properly close, and would keep retrying, when the $ssl_force_tls was processed if an IMAP server’s initial server response was invalid.
References
git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-28896
github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
github.com/neomutt/neomutt/releases/tag/20201120
gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f
lists.debian.org/debian-lts-announce/2020/11/msg00048.html
security.gentoo.org/glsa/202101-32
Related
freebsd
freebsd
mutt -- authentication credentials being sent over an unencrypted connection
2020-11-20 00:00:00
nessus
nessus
archlinux
archlinux
[ASA-202011-24] neomutt: silent downgrade
2020-11-26 00:00:00
[ASA-202011-25] mutt: silent downgrade
2020-11-26 00:00:00
osv
osv
mutt vulnerability
2020-11-25 15:18:59
mutt - security update
2020-11-30 00:00:00
CVE-2020-28896
2020-11-23 19:15:11
openvas
openvas
Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2021-1098)
2021-01-19 00:00:00
Slackware: Security Advisory (SSA:2020-329-01)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3632-1)
2021-04-19 00:00:00
suse
suse
Security update for mutt (important)
2020-12-01 00:00:00
Security update for mutt (important)
2020-12-01 00:00:00
Security update for neomutt (moderate)
2020-12-01 00:00:00
debian
debian
[SECURITY] [DLA 2472-1] mutt security update
2020-11-30 21:32:56
gentoo
gentoo
Mutt, NeoMutt: Information disclosure
2021-01-26 00:00:00
redhatcve
redhatcve
CVE-2020-28896
2020-11-23 19:51:32
nvd
nvd
CVE-2020-28896
2020-11-23 19:15:11
slackware
slackware
[slackware-security] mutt
2020-11-25 05:06:23
ubuntucve
ubuntucve
CVE-2020-28896
2020-11-23 00:00:00
debiancve
debiancve
CVE-2020-28896
2020-11-23 19:15:11
mageia
mageia
Updated mutt packages fix a security vulnerability
2020-12-05 22:46:49
alpinelinux
alpinelinux
CVE-2020-28896
2020-11-23 19:15:11
cvelist
cvelist
CVE-2020-28896
2020-11-23 18:52:13
ubuntu
ubuntu
Mutt vulnerability
2020-11-25 00:00:00
prion
prion
Authentication flaw
2020-11-23 19:15:00
cve
cve
CVE-2020-28896
2020-11-23 19:15:11
almalinux
almalinux
Moderate: mutt security, bug fix, and enhancement update
2021-11-09 08:33:45
oraclelinux
oraclelinux
mutt security, bug fix, and enhancement update
2021-11-16 00:00:00
rocky
rocky
mutt security, bug fix, and enhancement update
2021-11-09 08:33:45
fedora
fedora
[SECURITY] Fedora 33 Update: mutt-2.0.5-1.fc33
2021-02-10 01:20:35
redhat
redhat
(RHSA-2021:4181) Moderate: mutt security, bug fix, and enhancement update
2021-11-09 08:33:45
amazon
amazon
Medium: mutt
2022-12-01 20:31:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1925
2021-07-02 17:31:43