CVE-2020-28896

mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.

Mutt versiones anteriores a 2.0.2 y NeoMutt anterior al 20-11-2020 no aseguraron que $ssl_force_tls fuera procesado si la respuesta inicial del servidor de un servidor IMAP no era válida. La conexión no se cerró correctamente y el código podría seguir intentando autenticarse. Esto podría resultar en que las credenciales de autenticación se expongan en una conexión no cifrada o en una máquina en el medio

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-11-17 CVE Reserved
2020-11-23 CVE Published
2024-08-04 CVE Updated
2024-10-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication
CWE-319: Cleartext Transmission of Sensitive Information
CWE-755: Improper Handling of Exceptional Conditions

CAPEC

References (8)

URL	Tag	Source
https://github.com/neomutt/neomutt/releases/tag/20201120	Release Notes
https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html	Mailing List

URL	Date	SRC

URL	Date	SRC
https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06	2021-07-21
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a	2021-07-21
https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f	2021-07-21

URL	Date	SRC
https://security.gentoo.org/glsa/202101-32	2021-07-21
https://access.redhat.com/security/cve/CVE-2020-28896	2021-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=1900826	2021-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mutt Search vendor "Mutt"		Mutt Search vendor "Mutt" for product "Mutt"				< 2.0.2 Search vendor "Mutt" for product "Mutt" and version " < 2.0.2"		-		Affected
Neomutt Search vendor "Neomutt"		Neomutt Search vendor "Neomutt" for product "Neomutt"				< 2020-11-20 Search vendor "Neomutt" for product "Neomutt" and version " < 2020-11-20"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected