Mymail
CVE-2023-32290
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.
AnalysisAI
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-311. The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. Affected products include: Vk.Company Mymail. Version information: through 14.30.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-311 – Missing Encryption of Sensitive Data
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today