CVE-2009-1390

Name of the Vulnerable Software and Affected Versions Mutt version 1.5.19

Description The issue allows remote attackers to spoof trusted servers via a man-in-the-middle attack because it only verifies one TLS certificate in the chain instead of the entire chain. This can occur when Mutt is linked against either OpenSSL or GnuTLS.

Recommendations For Mutt version 1.5.19, consider updating to a version that properly verifies the entire TLS certificate chain to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to sensitive information until a patch is available.