Man-in-the-Middle (MitM)

2020-12-0602:18:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

JSON

mutt is vulnerable to man-in-the-middle (MitM). The vulnerability exists as the connection would not properly close, and would keep retrying, when the $ssl_force_tls was processed if an IMAP server’s initial server response was invalid.

CPENameOperatorVersion
mutt:bioniceq1.9.4-3ubuntu0.3
mutt:focaleq1.13.2-1ubuntu0.2
mutt:xenialeq1.5.24-1ubuntu0.4
mutt:xenialeq1.5.24-1build1
mutt:stretcheq1.7.2-1+deb9u3
mutt:bustereq1.10.1-2.1+deb10u3
neomutt:bustereq20180716+dfsg.1-1+deb10u1
mutt:edgeeq1.14.0-r0
mutt:edgeeq1.13.4-r0
mutt:edgeeq1.13.5-r0

Name	Operator	Version
mutt:bionic	eq	1.9.4-3ubuntu0.3
mutt:focal	eq	1.13.2-1ubuntu0.2
mutt:xenial	eq	1.5.24-1ubuntu0.4
mutt:xenial	eq	1.5.24-1build1
mutt:stretch	eq	1.7.2-1+deb9u3
mutt:buster	eq	1.10.1-2.1+deb10u3
neomutt:buster	eq	20180716+dfsg.1-1+deb10u1
mutt:edge	eq	1.14.0-r0
mutt:edge	eq	1.13.4-r0
mutt:edge	eq	1.13.5-r0