Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2021-38502

UNKNOWN

Published 2021-11-03T00:02:49

Actions:

No CVSS data available

Description

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Thunderbird

Affected Versions:

unspecified

References

https://www.mozilla.org/security/advisories/mfsa2021-47/

https://bugzilla.mozilla.org/show_bug.cgi?id=1733366

https://www.debian.org/security/2022/dsa-5034

https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html

Published: 2021-11-03T00:02:49

Last Modified: 2024-08-04T01:44:22.910Z

Copied to clipboard!