2 matches found
CVE-2023-5422
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSLgetverifyresult function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies all necessary securit...
CVE-2023-5422
CVE-2023-5422 affects OTRS and related editions. The issue arises from using OpenSSL for email transport (POP3/IMAP via SSL/TLS and SMTP) without validating certificates because SSL_get_verify_result() is not used, allowing an attacker to impersonate a trusted host with invalid/expired certificat...