CVE-2020-15955

Description

In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker.

Affected Software
References

Software	From	Fixed in
fehcom / s/qmail	-	4.0.07.x

https://nostarttls.secvuln.info/
https://www.fehcom.de/sqmail/sqmail.html

Severity: Medium

CVE: CVE-2020-15955
Published: Aug 17, 2021
Updated: Apr 13, 2023
Exploit:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-77

A1 - Injection

CVE-2020-15955

Description

Details

CVSS v3

CVSS v2

CWEs

OWASP TOP 10