Vulnerability Details CVE-2023-32290
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.0%
CVSS Severity
CVSS v3 Score 7.5
References
- https://apps.apple.com/fm/app/mymail-email-app-for-gmail/id722120997
- https://mailbox.org/en/post/mailbox-org-discovers-unencrypted-password-transmission-in-mymail
- https://news.ycombinator.com/item?id=35845308
- https://apps.apple.com/fm/app/mymail-email-app-for-gmail/id722120997
- https://mailbox.org/en/post/mailbox-org-discovers-unencrypted-password-transmission-in-mymail
- https://news.ycombinator.com/item?id=35845308
Products affected by CVE-2023-32290
-
cpe:2.3:a:vk.company:mymail:-
-
cpe:2.3:a:vk.company:mymail:14.30