Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2014-2014: "imapsync ignores the --tls switch and sends my authentication plaintext."

imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.

CVE
#red_hat#git#auth#ssl

oss-sec mailing list archives

From: Murray McAllister <mmcallis () redhat com>
Date: Mon, 17 Feb 2014 11:27:47 +1100

Hello,

https://bugs.mageia.org/show_bug.cgi?id=12770 notes that imapsync 1.584 fixes a security issue, “Bug fix: Check if going to tls is ok, exit otherwise with explicit error message. Thanks to Dennis Schridde for reporting this ugly bug that deserves a CVE.”

Upstream bug: https://github.com/imapsync/imapsync/issues/15

Can a CVE please be assigned if one has not been already?

Thanks,

– Murray McAllister / Red Hat Security Response Team

Current thread:

  • CVE request: “imapsync ignores the --tls switch and sends my authentication plaintext.” Murray McAllister (Feb 16)
    • Re: CVE request: “imapsync ignores the --tls switch and sends my authentication plaintext.” cve-assign (Feb 18)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907