An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of The STARTTLS command is only valid in non-authenticated state. in RFC2595). This potentially allows an attacker to cause a victims e-mail messages to be stored into an attackers IMAP mailbox, but depends on details of the victims client behavior.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Webcit | Citadel | * | 932 (including) |
| Citadel | Ubuntu | bionic | * |
| Citadel | Ubuntu | hirsute | * |
| Citadel | Ubuntu | impish | * |
| Citadel | Ubuntu | trusty | * |
| Citadel | Ubuntu | xenial | * |