Ximian Evolution < 1.1.1 camel Component Man-in-the-Middle SSL Session Weakness

ID 1306.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00


The remote host is running a version of the Ximian Evolution email client that may be vulnerable to a man-in-the-middle attack if the client is being used with SSL (IMAPS, SMTPS, POP3S). Evolution's camel component fails to re-authenticate previously accepted SSL certificates when reestablishing a connection. Exploitation of this vulnerability potentially allows for an attacker to intercept and/or modify SSL traffic.

                                            Binary data 1306.prm