CVE-2020-37248
Published
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
3
PROJECTS
Description
OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext.
Read/sync your IMAP mailboxes (python2) [LEGACY: move to offlineimap3]
GitHub