Ximian Evolution < 1.1.1 camel Component Man-in-the-Middle SSL Session Weakness
Medium Nessus Network Monitor Plugin ID 1306
Synopsis: The remote host passes information across the network in an insecure manner.
Description: The remote host is running a version of the Ximian Evolution email client that may be vulnerable to a man-in-the-middle attack if the client is used with SSL (IMAPS, SMTPS, POP3S). Evolution's camel component fails to re-authenticate previously accepted SSL certificates when reestablishing a connection. Exploiting this vulnerability could allow an attacker to intercept and/or modify SSL traffic.
Solution: Upgrade to Evolution 1.1.1 or higher.