Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.6 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

3.7CVSS5.9AI score0.00665EPSS
Exploits1References1
NVD
NVD
added 2023/05/29 7:15 p.m.26 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

3.7CVSS4.2AI score0.00665EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/05/29 12:0 a.m.9 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

6.6AI score0.00665EPSS
Exploits1References3
CVE
CVE
added 2023/05/29 12:0 a.m.58 views

CVE-2021-37845

CVE-2021-37845 affects Citadel (webcit-932). A MITM attacker can fixate a session in the cleartext phase before STARTTLS, violating RFC2595, potentially causing a victim’s e‑mail messages to be stored in the attacker’s IMAP mailbox, depending on the victim client behavior. The available documents...

3.7CVSS4.3AI score0.00665EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder