Vulnerability Description
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citadel | Webcit | <= 932 |
References
- http://uncensored.citadel.org/dotgoto?room=Citadel%20Security (Issue Tracking)
- https://nostarttls.secvuln.info/ (Broken Link)
- https://uncensored.citadel.org/msg/2099264259 (Exploit)
FAQ
What is CVE-2021-37845?
CVE-2021-37845 is a vulnerability with a CVSS score of 3.7 (LOW). An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS ...
How severe is CVE-2021-37845?
CVE-2021-37845 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-37845?
Check the references section above for vendor advisories and patch information. Affected products include: Citadel Webcit.