Rodolfo García Peñas (kix)

1 exploit Active since Jun 2026
CVE-2020-37248 WRITEUP MEDIUM WRITEUP
OfflineIMAP < 8.0.3 - Use of Less Trusted Source
OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext.
CVSS 6.5