MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers.
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Trojita | Trojita_project | * | 0.8 (excluding) |
Trojita | Ubuntu | eoan | * |
Trojita | Ubuntu | esm-apps/focal | * |
Trojita | Ubuntu | esm-apps/jammy | * |
Trojita | Ubuntu | focal | * |
Trojita | Ubuntu | groovy | * |
Trojita | Ubuntu | hirsute | * |
Trojita | Ubuntu | impish | * |
Trojita | Ubuntu | jammy | * |
Trojita | Ubuntu | kinetic | * |
Trojita | Ubuntu | lunar | * |
Trojita | Ubuntu | mantic | * |
Trojita | Ubuntu | trusty | * |