Lucene search
K

4 matches found

seebug.org
seebug.org
added 2014/03/25 12:0 a.m.32 views

Trojita Email保存信息泄漏漏洞

CVE ID:CVE-2014-2567 Trojita是一款QT IMAP Email客户端。 当保存email到发送或草稿文件夹时应用程序不安全处理IMAP通信,允许可通过中间人攻击的攻击者获取通信内容信息。 0 Trojita 0.x Trojita 0.4.1已经修复该漏洞,建议用户下载更新: http://trojita.flaska.net/...

4.3CVSS6.6AI score0.00981EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/03/24 12:0 a.m.21 views

FreeBSD : mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection (36f9ac43-b2ac-11e3-8752-080027ef73ec)

Jan Kundrat reports : An SSL stripping vulnerability was discovered in Trojita, a fast Qt IMAP e-mail client. User's credentials are never leaked, but if a user tries to send an e-mail, the automatic saving into the 'sent' or 'draft' folders could happen over a plaintext connection even if the...

4.3CVSS5.4AI score0.00981EPSS
Exploits1References3
NVD
NVD
added 2014/03/21 10:55 a.m.15 views

CVE-2014-2567

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a 1 sent or 2 draft folder via a PREAUTH response that prevents later use of the STARTTLS comman...

4.3CVSS6.3AI score0.00981EPSS
Exploits1References2
CVE
CVE
added 2014/03/21 10:0 a.m.44 views

CVE-2014-2567

The vulnerability CVE-2014-2567 affects Trojita prior to 0.4.1. The issue is in OpenConnectionTask::handleStateHelper in Trojita’s IMAP code, where a PREAUTH response can be exploited by a man-in-the-middle to force saving a message into the sent or draft folder over plaintext, bypassing STARTTLS...

4.3CVSS6.5AI score0.00981EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder