The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.
References
Configurations
History
21 Nov 2024, 08:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://apps.apple.com/fm/app/mymail-email-app-for-gmail/id722120997 - Product | |
References | () https://mailbox.org/en/post/mailbox-org-discovers-unencrypted-password-transmission-in-mymail - Vendor Advisory | |
References | () https://news.ycombinator.com/item?id=35845308 - Issue Tracking |
12 May 2023, 14:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-311 | |
CPE | cpe:2.3:a:vk.company:mymail:*:*:*:*:*:iphone_os:*:* | |
References | (MISC) https://mailbox.org/en/post/mailbox-org-discovers-unencrypted-password-transmission-in-mymail - Vendor Advisory | |
References | (MISC) https://news.ycombinator.com/item?id=35845308 - Issue Tracking | |
References | (MISC) https://apps.apple.com/fm/app/mymail-email-app-for-gmail/id722120997 - Product |
07 May 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-07 02:15
Updated : 2024-11-21 08:03
NVD link : CVE-2023-32290
Mitre link : CVE-2023-32290
CVE.ORG link : CVE-2023-32290
JSON object : View
Products Affected
vk.company
- mymail
CWE
CWE-311
Missing Encryption of Sensitive Data