PT-2024-36492 · Gophish+1
Gabriel Ferreira De Menezes · Published 2024-12-19 · Updated 2025-01-10
CVE-2024-55196
| Metric | Value |
| --- | --- |
| CVSS v3.1 | 7.5 (High) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GoPhish version 0.12.1
Description
The issue allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers due to insufficiently protected credentials in the Mail Server Configuration.
Recommendations
For GoPhish version 0.12.1, consider disabling the Mail Server Configuration until a patch is available to prevent attackers from accessing cleartext passwords. Restrict access to the Mail Server Configuration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Cleartext Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Gophish
Suse