Vulnerabilities > CVE-2007-3209 - Information Disclosure vulnerability in Nongnu Mail Notification 4.0

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
network
low complexity
nongnu

Summary

Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.

Vulnerable Configurations

Part Description Count
Application
Nongnu
1