CVE-2014-2567

Trojita < 0.4.1 - Unauthenticated Exposure of Sensitive Information via PREAUTH Response

Title source: llm
STIX 2.1

Description

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.

Scores

EPSS 0.0098
EPSS Percentile 58.0%

Details

CWE
CWE-200
Status published
Products (14)
trojita_project/trojita 0.1
trojita_project/trojita 0.2
trojita_project/trojita 0.2.9
trojita_project/trojita 0.2.9.1
trojita_project/trojita 0.2.9.2
trojita_project/trojita 0.2.9.3
trojita_project/trojita 0.2.9.4
trojita_project/trojita 0.3
trojita_project/trojita 0.3.90
trojita_project/trojita 0.3.91
... and 4 more
Published Mar 21, 2014
Tracked Since Feb 18, 2026