imapsync before 1.584, when running with the –tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Imapsync | Imapsync_project | * | 1.580 |
Imapsync | Imapsync_project | 1.53 | 1.53 |
Imapsync | Imapsync_project | 1.547 | 1.547 |
Imapsync | Imapsync_project | 1.516 | 1.516 |
Imapsync | Imapsync_project | 1.504 | 1.504 |
Imapsync | Imapsync_project | 1.554 | 1.554 |
Imapsync | Imapsync_project | 1.500 | 1.500 |
Imapsync | Imapsync_project | 1.558 | 1.558 |
Imapsync | Imapsync_project | 1.567 | 1.567 |
Imapsync | Imapsync_project | 1.542 | 1.542 |
Imapsync | Imapsync_project | 1.569 | 1.569 |
Imapsync | Imapsync_project | 1.518 | 1.518 |
Imapsync | Imapsync_project | 1.508 | 1.508 |
Imapsync | Imapsync_project | 1.525 | 1.525 |
Imapsync | Imapsync_project | 1.564 | 1.564 |