4 matches found
Trojita Email保存信息泄漏漏洞
CVE ID:CVE-2014-2567 Trojita是一款QT IMAP Email客户端。 当保存email到发送或草稿文件夹时应用程序不安全处理IMAP通信,允许可通过中间人攻击的攻击者获取通信内容信息。 0 Trojita 0.x Trojita 0.4.1已经修复该漏洞,建议用户下载更新: http://trojita.flaska.net/...
FreeBSD : mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection (36f9ac43-b2ac-11e3-8752-080027ef73ec)
Jan Kundrat reports : An SSL stripping vulnerability was discovered in Trojita, a fast Qt IMAP e-mail client. User's credentials are never leaked, but if a user tries to send an e-mail, the automatic saving into the 'sent' or 'draft' folders could happen over a plaintext connection even if the...
CVE-2014-2567
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a 1 sent or 2 draft folder via a PREAUTH response that prevents later use of the STARTTLS comman...
CVE-2014-2567
The vulnerability CVE-2014-2567 affects Trojita prior to 0.4.1. The issue is in OpenConnectionTask::handleStateHelper in Trojita’s IMAP code, where a PREAUTH response can be exploited by a man-in-the-middle to force saving a message into the sent or draft folder over plaintext, bypassing STARTTLS...