Skip to main content

Offlineimap

1 CVEs product

Monthly

CVE-2020-37248 MEDIUM PATCH This Month

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Offlineimap
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Offlineimap
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy