CVE-2014-2567

Name of the Vulnerable Software and Affected Versions Trojita versions prior to 0.4.1

Description The issue allows man-in-the-middle attackers to trigger the use of cleartext for saving a message into a sent or draft folder. This is achieved via a PREAUTH response that prevents later use of the STARTTLS command, specifically exploiting the OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp.

Recommendations For versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the OpenConnectionTask::handleStateHelper function until a patch is available.