CVE-2014-2014CVE-2014-2014

Affected configuration(s):

cpe:/a:gilles_lamiral:imapsync:1.53
cpe:/a:gilles_lamiral:imapsync:1.500
cpe:/a:gilles_lamiral:imapsync:1.504
cpe:/a:gilles_lamiral:imapsync:1.508
cpe:/a:gilles_lamiral:imapsync:1.516
cpe:/a:gilles_lamiral:imapsync:1.518
cpe:/a:gilles_lamiral:imapsync:1.525
cpe:/a:gilles_lamiral:imapsync:1.542
cpe:/a:gilles_lamiral:imapsync:1.547
cpe:/a:gilles_lamiral:imapsync:1.554
cpe:/a:gilles_lamiral:imapsync:1.558
cpe:/a:gilles_lamiral:imapsync:1.564
cpe:/a:gilles_lamiral:imapsync:1.567
cpe:/a:gilles_lamiral:imapsync:1.569
cpe:/a:gilles_lamiral:imapsync:1.580

Date published: 2014-04-18T18:14:35.980-04:00

Date last modified: 2014-04-21T12:19:29.213-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://seclists.org/oss-sec/2014/q1/367

Summary: imapsync before 1.584, when running with the –tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.