Unknown · Canary Mail · CVE-2021-26911
Name of the Vulnerable Software and Affected Versions:
Canary Mail versions prior to 3.22
Description:
Canary Mail does not validate the server's SSL certificate for IMAP connections in STARTTLS mode. The affected code is in the `core/imap/MCIMAPSession.cpp` file.
Recommendations:
For versions prior to 3.22, update to version 3.22 or later to resolve the issue. As a temporary workaround on affected versions, disable STARTTLS mode for IMAP connections until a patch is available. Restrict access to IMAP services to minimize the risk of exploitation.
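The check whose absence the description refers to, shown as an added Python example using the standard `imaplib` and `ssl` modules; it is not Canary Mail's code and not the vendor's fix. The function and class names and the host `imap.example.invalid` are assumptions made for illustration.

```python
import imaplib
import ssl


class UnverifiedTLSError(Exception):
    """The supplied context would accept any server certificate."""


def verifying_context() -> ssl.SSLContext:
    # Loads the system trust store; sets CERT_REQUIRED and check_hostname.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def require_verification(ctx: ssl.SSLContext) -> ssl.SSLContext:
    # Reject contexts that skip chain validation or hostname matching.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise UnverifiedTLSError("certificate or hostname validation is off")
    return ctx


def imap_starttls(host, port=143, ctx=None, timeout=10):
    """Open a plaintext IMAP session and upgrade it, validating the server."""
    ctx = require_verification(ctx if ctx is not None else verifying_context())
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        # The handshake raises ssl.SSLCertVerificationError for an untrusted
        # chain or a name mismatch; imaplib raises abort if STARTTLS is not
        # offered. Neither case may fall back to plaintext or a weaker context.
        conn.starttls(ssl_context=ctx)
    except Exception:
        conn.shutdown()
        raise
    return conn


if __name__ == "__main__":
    # Constructed negative sample: a context with validation switched off.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak.check_hostname = False
    weak.verify_mode = ssl.CERT_NONE
    try:
        imap_starttls("imap.example.invalid", ctx=weak)
    except UnverifiedTLSError as exc:
        print("refused before connecting:", exc)
```

Credentials should be sent only on the connection object this function returns, after `starttls` has completed without raising.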