CVE-2021-37845: Citadel Security - Uncensored

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of “The STARTTLS command is only valid in non-authenticated state.” in RFC2595). This potentially allows an attacker to cause a victim’s e-mail messages to be stored into an attacker’s IMAP mailbox, but depends on details of the victim’s client behavior.
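
A minimal model of the server-side check implied by the RFC 2595 rule quoted above, as an added example that is not Citadel's code. The `Session` class, the `replay` helper, the `enforce_rfc2595` flag and the transcript are hypothetical and constructed for illustration; credential checking and the TLS handshake are omitted.

```python
class Session:
    """Per-connection state of a toy IMAP-like server (hypothetical, not Citadel code)."""

    def __init__(self, enforce_rfc2595=True):
        self.enforce = enforce_rfc2595
        self.tls = False
        self.user = None  # None means non-authenticated state

    def handle(self, line):
        tag, _, rest = line.strip().partition(" ")
        words = rest.split()
        if not words:
            return f"{tag or '*'} BAD malformed command"
        cmd, args = words[0].upper(), words[1:]
        if cmd == "LOGIN" and len(args) == 2:
            self.user = args[0]  # credential check omitted in this sketch
            return f"{tag} OK LOGIN completed"
        if cmd == "STARTTLS":
            if self.tls:
                return f"{tag} BAD TLS already active"
            if self.enforce and self.user is not None:
                # RFC 2595: STARTTLS is only valid in non-authenticated state.
                return f"{tag} BAD STARTTLS not permitted after authentication"
            self.tls = True  # a real server runs the TLS handshake here
            return f"{tag} OK Begin TLS negotiation"
        return f"{tag} BAD unknown or malformed command"


def replay(lines, enforce_rfc2595):
    """Feed a transcript to a fresh session; return (replies, session)."""
    session = Session(enforce_rfc2595)
    return [session.handle(line) for line in lines], session


# Constructed transcript: a login seen in cleartext, then the client's STARTTLS.
TRANSCRIPT = ["x1 LOGIN mallory hunter2", "a1 STARTTLS"]

if __name__ == "__main__":
    for enforce in (False, True):
        replies, session = replay(TRANSCRIPT, enforce)
        print(f"enforce={enforce}: {replies[-1]!r} tls={session.tls} user={session.user}")
```

Without the check, the session enters TLS already bound to the identity set in cleartext; with it, the upgrade is refused and the client never reaches an encrypted session that carries pre-TLS state.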

Related news

CVE-2021-39272: NO STARTTLS

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

CVE-2021-38370: NO STARTTLS

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
