Main Vulnerability Database SB20200611146

SB20200611146 - Cleartext transmission of sensitive information in thunderbird (Alpine package)

Published: June 11, 2020

Security Bulletin ID SB20200611146

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cleartext transmission of sensitive information (CVE-ID: CVE-2020-12398)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in STARTTLS implementation for an IMAP, when the server sends a PREAUTH response. In this case Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=aadba671901181be240a1d151a9f3a04f2ce3ca5