PT-2018-3530 · Marshal · Msmtp+1

Published

2018-12-13

Updated

2024-06-15

CVE-2019-8337

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: msmtp version 1.8.2 mpop version 1.4.3

Description: The issue is related to the tls trust file command in the msmtp and mpop clients, which is associated with improper certificate authentication verification. This could allow a remote attacker to impact the integrity, availability, and confidentiality of information.

Recommendations: For msmtp version 1.8.2, consider updating the configuration of tls trust file to properly check certificate-verification results. For mpop version 1.4.3, review and adjust the tls trust file settings to ensure correct authentication of certificates.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

BDU:2020-03297

CVE-2019-8337

OPENSUSE-SU-2024:11064-1

Affected Products

Mpop

Msmtp

PT-2018-3530 · Marshal · Msmtp+1

CVE-2019-8337

Weakness Enumeration

Related Identifiers

Affected Products

References · 15