CVE-2020-15646
Mozilla: Automatic account setup leaks Microsoft Exchange login credentials
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.
Si un atacante intercepta el intento inicial de Thunderbird de llevar a cabo los ajustes automáticos de la cuenta mediante el mecanismo de detección automática de Microsoft Exchange, y el atacante envía una respuesta diseñada, entonces Thunderbird envía el nombre de usuario y contraseña por medio de https hacia un servidor controlado por el atacante. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.10.0
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-10 CVE Reserved
- 2020-10-08 CVE Published
- 2023-06-24 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2020-26 | 2021-07-21 | |
https://access.redhat.com/security/cve/CVE-2020-15646 | 2020-07-21 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1854036 | 2020-07-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 68.10.0 Search vendor "Mozilla" for product "Thunderbird" and version " < 68.10.0" | - |
Affected
|