Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3402


Vulnerability Score 2.6 2.6
CVE Id CVE-2005-3402
Last Modified 05 Sep 2008 04:54:17
Published 01 Nov 2005 07:47:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.

Vulnerable Systems


  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.7



BUGTRAQ - 20051025 Re: Mozilla Thunderbird SMTP down-negotiation weakness

BUGTRAQ - 20051025 Mozilla Thunderbird SMTP down-negotiation weakness

BID - 15106

Last Updated: 27 May 2016 10:40:55