CVE-2014-7274

Name of the Vulnerable Software and Affected Versions getmail version 4.44.0

Description The issue concerns the IMAP-over-SSL implementation, which fails to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. This allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.

Recommendations For getmail version 4.44.0, consider disabling the IMAP-over-SSL functionality until a patch is available to properly verify server hostnames against certificate details. Restrict access to sensitive information to minimize the risk of exploitation.