VDB
GCVE-110-MAGEIA-2020-448
GCVE-110-MAGEIA-2020-448
Advisory Published
Mutt before 2.0.2 did not ensure that $ssl_force_tls was processed if an IMAP
server's initial server response was invalid. The connection was not properly
closed, and the code could continue attempting to authenticate. This could
result in authentication credentials being exposed on an unencrypted
connection, or to a machine-in-the-middle (CVE-2020-28896).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | mutt | 0 (affected), 1.11.4-1.4.mga7 (unaffected) | — |
Browse GCVE Records
73,734 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.