Commit 3e88866

Prevent possible IMAP MITM via PREAUTH response.
This is similar to CVE-2014-2567 and CVE-2020-12398. STARTTLS is not allowed in the Authenticated state, so previously Mutt would implicitly mark the connection as authenticated and skip any encryption checking/enabling. No credentials are exposed, but it does allow messages to be sent to an attacker, via postpone or fcc'ing for instance. Reuse the $ssl_starttls quadoption "in reverse" to prompt to abort the connection if it is unencrypted. Thanks very much to Damian Poddebniak and Fabian Ising from the Münster University of Applied Sciences for reporting this issue, and their help in testing the fix.
1 parent f64ec1d commit 3e88866

File tree

1 file changed

+16
-0
lines changed

Diff for: imap/imap.c

+16
@@ -530,6 +530,22 @@ int imap_open_connection (IMAP_DATA* idata)
530530
}
531531
else if (ascii_strncasecmp ("* PREAUTH", idata->buf, 9) == 0)
532532
{
533+
#if defined(USE_SSL)
534+
/* An unencrypted PREAUTH response is most likely a MITM attack.
535+
* Require a confirmation. */
536+
if (!idata->conn->ssf)
537+
{
538+
if (option(OPTSSLFORCETLS) ||
539+
(query_quadoption (OPT_SSLSTARTTLS,
540+
_("Abort unencrypted PREAUTH connection?")) != MUTT_NO))
541+
{
542+
mutt_error _("Encrypted connection unavailable");
543+
mutt_sleep (1);
544+
goto err_close_conn;
545+
}
546+
}
547+
#endif
548+
533549
idata->state = IMAP_AUTHENTICATED;
534550
if (imap_check_capabilities (idata) != 0)
535551
goto bail;
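Review bot: the `if (!idata->conn->ssf)` test at the top of the new block treats every connection with no TLS security strength factor as an unencrypted network connection, which also matches connections opened through `$tunnel` (an ssh tunnel leaves `ssf` at 0 and typically answers with `* PREAUTH`), so those users will now see "Abort unencrypted PREAUTH connection?" on every mailbox open, or be refused outright when `$ssl_force_tls` is set; consider exempting tunnel connections or, at minimum, documenting that tunnel users should set `$ssl_starttls` to no. Since `$ssl_starttls` is now consulted "in reverse" here, its manual entry should also be updated in the same change to say it governs the PREAUTH prompt as well; this commit touches only imap/imap.c.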
