
Michael M Slusarz

#50981 of 53,635
4.3 CVSS total
Vulnerabilities · 1
PT-2014-4782
4.3
2014-03-21
KDE · Trojita · CVE-2014-2567
**Name of the Vulnerable Software and Affected Versions**

Trojita versions prior to 0.4.1

**Description**

The issue allows man-in-the-middle attackers to trigger the use of cleartext for saving a message into a sent or draft folder. This is achieved via a PREAUTH response that prevents later use of the STARTTLS command, specifically exploiting the `OpenConnectionTask::handleStateHelper` function in `Imap/Tasks/OpenConnectionTask.cpp`.

**Recommendations**

For versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `OpenConnectionTask::handleStateHelper` function until a patch is available.