These responses were combined with legit responses which arrive from the real server later on, after having authenticated, and as a result, a malicious active attacker on a network was able to inject extra fake mailboxes to the GUI even when upgrading connection from plaintext to a secure one via STARTTLS.
These two responses are the only ones which are handled by our pre-task code directly in Model.cpp, which means that the state machine has to be checked and messages which are received prior to authentication must be rejected. Since this is really a pretty serious violation of the IMAP state machine, let's not ignore them silently, and simply treat them as any other unexpected response.
BUG: 432353 Change-Id: I9292fcb20215ebe4dbc7a103fc9403dfa97b258b Reported-by: Damian Poddebniak Co-authored-by: Espen Sandøy Hustad espen@ehustad.com