Mutt had incorrect error handling when initially connecting to an IMAP server, which could result in an attempt to authenticate without enabling TLS.
Created mutt tracking bugs for this issue:
Affects: fedora-all [bug 1900827]
Red Hat Product Security has rated the severity of this flaw as Moderate because although the Confidentiality impact is high, the attack complexity is also high as a particular attacker would at least need to coordinate social engineering a victim to connect to a bad server, and also perform a man-in-the-middle attack or perform similar interception of the connection. Please see the following page for details on Red Hat severity ratings with special attention to Moderate: https://access.redhat.com/security/updates/classification .
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4181 https://access.redhat.com/errata/RHSA-2021:4181