Trojita Project: >> Trojita >> 0.2.9.4 Security Vulnerabilities
MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-06-25
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-03-21