CVE-2014-2567

Published: Mar 21, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce1

x_refsource_CONFIRM

http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-2567

Description

Affected Products

References