#VU48662 Cleartext transmission of sensitive information in Mutt


Published: 2020-11-23 | Updated: 2020-11-26

Vulnerability identifier: #VU48662

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-28896

CWE-ID: CWE-319

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Mutt
Client/Desktop applications / Office applications

Vendor: Mutt.org

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software does not ensure that $ssl_force_tls is processed if an IMAP server's initial server response is invalid. As a result, the connection is not properly closed, and the application continues authentication attempts. A remote attacker with ability to intercept traffic can perform a MitM attack and gain access to victim's credentials.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mutt: 2.0 - 2.0.1

External links
http://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
http://github.com/neomutt/neomutt/releases/tag/20201120
http://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
http://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 8 update for mutt
openEuler update for mutt
Gentoo update for Mutt, NeoMutt
Cleartext transmission of sensitive information in mutt (Alpine package)
Arch Linux update for mutt
Arch Linux update for neomutt
Slackware Linux update for mutt
MitM attack in Mutt