← Back

CVE-2014-2014

nvd nist
Published: Apr 18, 2014Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.

Affected (15)

Imapsync Project
1 product
Imapsync
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Imapsync Project
Imapsync
Up to 1.580
Imapsync
Version 1.500
Imapsync
Version 1.504
Imapsync
Version 1.508
Imapsync
Version 1.516
Imapsync
Version 1.518
Imapsync
Version 1.525
Imapsync
Version 1.53
Imapsync
Version 1.542
Imapsync
Version 1.547
Imapsync
Version 1.554
Imapsync
Version 1.558
Imapsync
Version 1.564
Imapsync
Version 1.567
Imapsync
Version 1.569

Related CWEs

CWE-255
CWE-255

References (16)

Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.