Lucene search

K
osvGoogleOSV:GO-2021-0178
HistoryJan 07, 2022 - 8:35 p.m.

Cleartext transmission of credentials in net/smtp

2022-01-0720:35:00
Google
osv.dev
13
cleartext transmission
net/smtp
plain authentication
tls
man-in-the-middle
software

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

68.9%

SMTP clients using net/smtp can use the PLAIN authentication scheme on network connections not secured with TLS, exposing passwords to man-in-the-middle SMTP servers.