CVE-2020-28896
MEDIUM
5.3
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW
2.6
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
Predicts the probability of exploitation based on threat intelligence and on the characteristics of the vulnerability.
EPSS Score
0.0033
Percentile
0.6th
EPSS Score Trend (Last 91 Days)
CWE-287: Improper Authentication (Draft)
Common Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Access Control
Potential Impacts:
Read Application Data
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
ICS/OT, Not Technology-Specific, Web Based
CWE-755: Improper Handling of Exceptional Conditions (Incomplete)
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Other
Applicable Platforms
All platforms may be affected
Application
Neomutt by Neomutt
Version Range Affected: up to 2020-11-20 (exclusive)
CPE Identifier
cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Mutt by Mutt
Version Range Affected: up to 2.0.2 (exclusive)
CPE Identifier
cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*
Operating System
Debian Linux by Debian
CPE Identifier
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4…
https://github.com/neomutt/neomutt/releases/tag/20201120
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf5…
https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f…
https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html
https://security.gentoo.org/glsa/202101-32