Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2014-2014
Last Modified 21 Apr 2014 12:19:29
Published 18 Apr 2014 06:14:35
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2014

Summary

imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.

Vulnerable Systems

Application

  • Gilles Lamiral Imapsync 1.500
  • Gilles Lamiral Imapsync 1.504
  • Gilles Lamiral Imapsync 1.508
  • Gilles Lamiral Imapsync 1.516
  • Gilles Lamiral Imapsync 1.518
  • Gilles Lamiral Imapsync 1.525
  • Gilles Lamiral Imapsync 1.53
  • Gilles Lamiral Imapsync 1.542
  • Gilles Lamiral Imapsync 1.547
  • Gilles Lamiral Imapsync 1.554
  • Gilles Lamiral Imapsync 1.558
  • Gilles Lamiral Imapsync 1.564
  • Gilles Lamiral Imapsync 1.567
  • Gilles Lamiral Imapsync 1.569
  • Gilles Lamiral Imapsync 1.580


References

MLIST - [oss-security] 20140218 Re: CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext."

FEDORA - FEDORA-2014-2505

CONFIRM - https://github.com/imapsync/imapsync/issues/15

CONFIRM - https://bugs.mageia.org/show_bug.cgi?id=12770

MANDRIVA - MDVSA-2014:060

MLIST - [imapsync_list] 20140122 Re: [imapsync] Upon certificate issues STARTTLS is ignored and the password sent in plaintext (#15)

MLIST - [imapsync_list] 20140120 Re: [imapsync] STARTTLS support (#15)

MLIST - [oss-security] 20140217 CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext."


Last Updated: 27 May 2016 11:05:02