CVE-2020-37248

Published: Giu 08, 2026 Last Modified: Giu 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: low

Availability: none

Description

AI Translation Available

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext.

348

Use of Less Trusted Source

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/OfflineIMAP/offlineimap3/commit/46505c53…

https://github.com/OfflineIMAP/offlineimap3/commit/46505c53ef995455d66c685f9ec3…

https://github.com/OfflineIMAP/offlineimap3/issues/222

https://github.com/OfflineIMAP/offlineimap/issues/669

https://pypi.org/project/offlineimap/#history

CVE-2020-37248

Description

Use of Less Trusted Source

Common Consequences

Applicable Platforms

Iscriviti alla newsletter