Offlineimap
Monthly
OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.
OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.