CVE-2014-2014

critical

Description

imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.

References

https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128293.html

https://github.com/imapsync/imapsync/issues/15

https://bugs.mageia.org/show_bug.cgi?id=12770

http://www.mandriva.com/security/advisories?name=MDVSA-2014:060

http://www.linux-france.org/prj/imapsync_list/msg01910.html

http://www.linux-france.org/prj/imapsync_list/msg01907.html

http://seclists.org/oss-sec/2014/q1/378

http://seclists.org/oss-sec/2014/q1/367

Details

Source: Mitre, NVD

Published: 2014-04-18

Updated: 2023-06-07

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Detections

Analytics