Unrated severityNVD Advisory· Published Apr 18, 2014· Updated May 6, 2026
CVE-2014-2014
CVE-2014-2014
Description
imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.
Affected products
15cpe:2.3:a:imapsync_project:imapsync:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:imapsync_project:imapsync:*:*:*:*:*:*:*:*range: <=1.580
- cpe:2.3:a:imapsync_project:imapsync:1.500:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.504:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.508:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.516:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.518:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.525:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.542:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.547:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.554:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.558:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.564:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.567:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.569:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- seclists.org/oss-sec/2014/q1/378nvdPatch
- seclists.org/oss-sec/2014/q1/367nvd
- www.linux-france.org/prj/imapsync_list/msg01907.htmlnvd
- www.linux-france.org/prj/imapsync_list/msg01910.htmlnvd
- www.mandriva.com/security/advisoriesnvd
- bugs.mageia.org/show_bug.cginvd
- github.com/imapsync/imapsync/issues/15nvd
- lists.fedoraproject.org/pipermail/package-announce/2014-February/128293.htmlnvd
News mentions
0No linked articles in our index yet.