7 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.7%
imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.
seclists.org/oss-sec/2014/q1/367
seclists.org/oss-sec/2014/q1/378
www.linux-france.org/prj/imapsync_list/msg01907.html
www.linux-france.org/prj/imapsync_list/msg01910.html
www.mandriva.com/security/advisories?name=MDVSA-2014:060
bugs.mageia.org/show_bug.cgi?id=12770
github.com/imapsync/imapsync/issues/15
lists.fedoraproject.org/pipermail/package-announce/2014-February/128293.html