2023-05-29 00:00:00
mitre
PUBLISHED
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victims e-mail messages to be stored into an attackers IMAP mailbox, but depends on details of the victims client behavior.