By weakness (CWE)

CWE-348: related vulnerabilities

CVEs classified under CWE-348. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2020-37248MEDIUM 6.5

    OfflineIMAP before version 8.0.3 contains a man-in-the-middle vulnerability in its STARTTLS implementation. The application accepts the server's claim that TLS encryption is available without verifying it before sending login credentials, allowing an attacker on the network to intercept and read account usernames and passwords in cleartext. This is a classic STRIPTLS attack where the attacker downgrades the connection from encrypted to unencrypted.