Vulnerability Details CVE-2014-2567
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html
- https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce1
- http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html
- https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce1
Products affected by CVE-2014-2567
-
cpe:2.3:a:trojita_project:trojita:0.1
-
cpe:2.3:a:trojita_project:trojita:0.2
-
cpe:2.3:a:trojita_project:trojita:0.2.9
-
cpe:2.3:a:trojita_project:trojita:0.2.9.1
-
cpe:2.3:a:trojita_project:trojita:0.2.9.2
-
cpe:2.3:a:trojita_project:trojita:0.2.9.3
-
cpe:2.3:a:trojita_project:trojita:0.2.9.4
-
cpe:2.3:a:trojita_project:trojita:0.3
-
cpe:2.3:a:trojita_project:trojita:0.3.90
-
cpe:2.3:a:trojita_project:trojita:0.3.91
-
cpe:2.3:a:trojita_project:trojita:0.3.92
-
cpe:2.3:a:trojita_project:trojita:0.3.93
-
cpe:2.3:a:trojita_project:trojita:0.3.96
-
cpe:2.3:a:trojita_project:trojita:0.4