
Duese

#47430 of 53,625
5.3 Total CVSS
Vulnerabilities · 1
PT-2020-6267
5.3
2020-11-23
Neomutt · Neomutt · CVE-2020-28896
**Name of the Vulnerable Software and Affected Versions**

Mutt versions prior to 2.0.2
NeoMutt versions prior to 2020-11-20

**Description**

The issue is related to insufficient protection of registration data, which could allow a remote attacker to access confidential data. If an IMAP server's initial server response was invalid, the connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed over an unencrypted connection or to a machine-in-the-middle.

**Recommendations**

For Mutt versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue.

For NeoMutt versions prior to 2020-11-20, update to a version released after 2020-11-20 to resolve the issue.

As a temporary workaround, consider disabling the use of IMAP servers with invalid initial server responses until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.