CVE-2005-3402

NameCVE-2005-3402
DescriptionThe SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

That's a non-issue; only a feature request for an improvement in a corner case.
If someone wants to use security-sensitive communication a TLS-secured server
should be used.

Search for package or bug name: Reporting problems