PT-2020-5912 · Mutt+4
Damian Poddebniak +1 · Published 2020-06-15 · Updated 2024-06-15 · CVE-2020-14093
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Mutt versions prior to 1.14.3
Description:
The issue is related to insufficient data protection in the Mutt email client, allowing a remote attacker to perform a man-in-the-middle attack. Specifically, Mutt before version 1.14.3 is vulnerable to an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
Recommendations:
For versions prior to 1.14.3, update to version 1.14.3 or later to resolve the issue. As a temporary workaround, consider disabling the IMAP fcc/postpone feature until a patch is available. Restrict access to sensitive email accounts to minimize the risk of exploitation. Avoid using the PREAUTH response in IMAP connections until the issue is resolved.
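A client-side guard against this class of problem, as an added example that is not Mutt's code and is not taken from the fix: classify the IMAP greeting and refuse a PREAUTH greeting on a connection that is not yet encrypted. The function names and the `require_tls` policy flag are assumptions made for the illustration, and the greeting in `main` is a constructed sample.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Session state implied by the server's greeting (RFC 3501, section 7.1). */
enum greeting { GREET_OK, GREET_PREAUTH, GREET_BYE, GREET_INVALID };

/* Case-insensitive match of an upper-case keyword followed by a delimiter. */
static int word_is(const char *s, const char *w)
{
    for (; *w; s++, w++)
        if (toupper((unsigned char)*s) != *w)
            return 0;
    return *s == ' ' || *s == '\r' || *s == '\n' || *s == '\0';
}

enum greeting classify_greeting(const char *line)
{
    if (strncmp(line, "* ", 2) != 0)
        return GREET_INVALID;          /* a greeting is always untagged */
    if (word_is(line + 2, "OK"))      return GREET_OK;
    if (word_is(line + 2, "PREAUTH")) return GREET_PREAUTH;
    if (word_is(line + 2, "BYE"))     return GREET_BYE;
    return GREET_INVALID;
}

/* 1 = continue, 0 = disconnect. require_tls is a hypothetical policy flag. */
int greeting_allowed(const char *line, int tls_active, int require_tls)
{
    switch (classify_greeting(line)) {
    case GREET_OK:      /* not authenticated yet: STARTTLS is still possible */
        return 1;
    case GREET_PREAUTH: /* STARTTLS is no longer valid in this state, so on a
                           cleartext socket fcc/postponed mail would be sent
                           unencrypted */
        return tls_active || !require_tls;
    default:            /* BYE or anything malformed: do not proceed */
        return 0;
    }
}

int main(void)
{
    const char *greet = "* PREAUTH IMAP4rev1 ready\r\n"; /* constructed sample */
    printf("cleartext + require_tls: %s\n",
           greeting_allowed(greet, 0, 1) ? "continue" : "disconnect");
    printf("TLS already active:      %s\n",
           greeting_allowed(greet, 1, 1) ? "continue" : "disconnect");
    return 0;
}
```

An OK greeting is allowed through because the client can still upgrade with STARTTLS before authenticating; enforcing that upgrade is a separate step not shown here.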
Fix
Information Disclosure
Cleartext Transmission of Sensitive Information
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Mutt
Suse
Ubuntu