4 matches found
CVE-2021-37845
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...
CVE-2021-37845
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...
CVE-2021-37845
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...
CVE-2021-37845
CVE-2021-37845 affects Citadel (webcit-932). A MITM attacker can fixate a session in the cleartext phase before STARTTLS, violating RFC2595, potentially causing a victim’s e‑mail messages to be stored in the attacker’s IMAP mailbox, depending on the victim client behavior. The available documents...