SMTP Client in Mozilla Thunderbird Allows Authentication Information Theft via MITM Attack

SMTP Client in Mozilla Thunderbird Allows Authentication Information Theft via MITM Attack

CVE-2005-3402 · LOW Severity

AV:N/AC:H/AU:N/C:P/I:N/A:N

The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.

Learn more about our Cis Benchmark Audit For Server Software.