First published: Wed Oct 08 2014(Updated: )
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Getmail Getmail | =4.44.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.