PT-2020-14066 · Alpine+3
Published: 2020-06-19 · Updated: 2025-03-20
CVE-2020-14929
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Alpine versions prior to 2.23
Description
The issue arises when Alpine silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH. This behavior is less secure than the alternative of closing the connection and letting the user decide what they would like to do.

Recommendations
For versions prior to 2.23, update to version 2.23 or later to resolve the issue. As a temporary workaround, consider configuring Alpine to close the connection when an insecure connection is attempted after a /tls is sent, allowing the user to decide the next course of action.

Fix
Related Identifiers
Affected Products
Alpine
Linuxmint
Suse
Ubuntu
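
The fail-closed behaviour the Description calls for, as an added example (not Alpine's code or its patch): a client-side check on the IMAP greeting that aborts when TLS is required but the server answers PREAUTH, a state in which RFC 3501 no longer permits STARTTLS. The function name, the exception and the `require_tls` parameter (standing in for the /tls setting) are assumptions, the sample greetings are constructed, and the check also covers a greeting whose capability list omits STARTTLS, which goes beyond the case in the advisory.

```python
import re

# Greeting: "* OK|PREAUTH|BYE [optional response code] text" (RFC 3501, 7.1)
_GREETING = re.compile(rb"^\* (OK|PREAUTH|BYE)\b(?: \[([^\]]*)\])?", re.IGNORECASE)


class AbortConnection(Exception):
    """Close the socket and let the user decide what to do next."""


def next_step(greeting: bytes, require_tls: bool) -> str:
    """Return 'STARTTLS', 'CAPABILITY' or 'PLAINTEXT'; raise to fail closed."""
    m = _GREETING.match(greeting.strip())
    if m is None:
        raise AbortConnection("unparseable greeting")
    status = m.group(1).upper()
    code = (m.group(2) or b"").upper().split()
    if status == b"BYE":
        raise AbortConnection("server refused the connection")
    if not require_tls:
        return "PLAINTEXT"
    if status == b"PREAUTH":
        # The session is already authenticated and STARTTLS is only valid
        # before authentication, so it can never be upgraded to TLS.
        raise AbortConnection("PREAUTH greeting while TLS is required")
    if code[:1] == [b"CAPABILITY"]:
        if b"STARTTLS" not in code[1:]:
            raise AbortConnection("server does not offer STARTTLS")
        return "STARTTLS"
    # Capabilities were not in the greeting: ask for them before deciding.
    return "CAPABILITY"


# Constructed sample greetings, not captured from a real server.
SAMPLES = [
    b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n",
    b"* OK IMAP4rev1 service ready\r\n",
    b"* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready\r\n",
    b"* PREAUTH [CAPABILITY IMAP4rev1] logged in as user\r\n",
]

if __name__ == "__main__":
    for line in SAMPLES:
        try:
            print(line.strip().decode(), "->", next_step(line, require_tls=True))
        except AbortConnection as exc:
            print(line.strip().decode(), "-> abort:", exc)
```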