vulnerability
FreeBSD: VID-DC132C91-2B71-11EB-8CFD-4437E6AD11C4 (CVE-2020-28896): mutt -- authentication credentials being sent over an unencrypted connection
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
3 | (AV:N/AC:H/Au:N/C:P/I:N/A:N) | Nov 20, 2020 | Nov 22, 2020 | Dec 16, 2020 |
Severity
3
CVSS
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published
Nov 20, 2020
Added
Nov 22, 2020
Modified
Dec 16, 2020
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-DC132C91-2B71-11EB-8CFD-4437E6AD11C4:
Kevin J. McCarthy reports:
Mutt had incorrect error handling when initially connecting to an IMAP
server, which could result in an attempt to authenticate without enabling TLS.
Solution
freebsd-upgrade-package-mutt
References

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.