CVE-2014-7274

2014-10-08T01:55:00
ID CVE-2014-7274
Type cve
Reporter cve@mitre.org
Modified 2014-12-22T04:09:00

Description

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.