CVE-2021-38502 Vulnerability Details

  /     /     /  

CVE-2021-38502 Metadata Quick Info

CVE Published: 03/11/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: mozilla | Vendor: Mozilla | Product: Thunderbird
Status : PUBLISHED

---

CVE-2021-38502 Description

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Downgrade attack on SMTP STARTTLS connections
Source: Mozilla

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).