Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Citadel 安全漏洞
Vulnerability Description
Citadel是美国Citadel公司的一个资产管理软件。 Citadel webcit 932存在安全漏洞,该漏洞源于允许攻击者将受害者的电子邮件消息存储到攻击者的 IMAP 邮箱中,攻击者利用该漏洞可以可以在 STARTTLS 命令之前的明文阶段固定他们自己的会话。
CVSS Information
N/A
Vulnerability Type
N/A