FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mutt-devel -- failure to check SMTP TLS server certificate

Affected packages
mutt-devel < 1.5.21_4

Details

VuXML ID: 49314321-7fd4-11e1-9582-001b2134ef46
Discovery: 2012-03-08
Entry: 2012-04-06

Dave B reports on Full Disclosure:

It seems that mutt fails to check the validity of an SMTP server's certificate during a TLS connection. [...] This means that an attacker could potentially MITM a mutt user connecting to their SMTP server even when the user has forced a TLS connection.

References

CVE Name: CVE-2011-1429
URL: http://seclists.org/fulldisclosure/2011/Mar/87