FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mutt -- authentication credentials being sent over an unencrypted connection

Affected packages
mutt < 2.0.2

Details

VuXML ID dc132c91-2b71-11eb-8cfd-4437e6ad11c4
Discovery 2020-11-20
Entry 2020-11-20

Kevin J. McCarthy reports:

Mutt had incorrect error handling when initially connecting to an IMAP server, which could result in an attempt to authenticate without enabling TLS.

References

CVE Name CVE-2020-28896
URL https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a