Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2005-3402
HistoryNov 01, 2005 - 12:47 p.m.

CVE-2005-3402

2005-11-0112:47:00
mitre
web.nvd.nist.gov
30
cve-2005-3402
smtp client
mozilla thunderbird
security vulnerability
mitm attack
tls authentication
cram-md5 authentication

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

48.4%

JSON

The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.

Affected configurations

Nvd
Node
mozillathunderbirdMatch1.0.5beta
OR
mozillathunderbirdMatch1.0.7
VendorProductVersionCPE
mozillathunderbird1.0.5cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
mozillathunderbird1.0.7cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

Related

ubuntucve 1
cvelist 1
nvd 1
ubuntucve
ubuntucve
CVE-2005-3402
2005-11-01 00:00:00
cvelist
cvelist
CVE-2005-3402
2005-11-01 11:00:00
nvd
nvd
CVE-2005-3402
2005-11-01 12:47:00

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

48.4%

JSON
Related for CVE-2005-3402
ubuntucve1cvelist1nvd1