1064 matches found
Command injection
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...
CVE-2020-15955
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...
CVE-2020-15955
The CVE-2020-15955 issue affects s/qmail up to version 4.0.07, where an active MitM can inject arbitrary plaintext commands into a STARTTLS session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the attacker. The root cause is the ability to tam...
Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients
Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle MitM attacks, permitting an intruder to forge mailbox content and steal credentials...
An issue was discovered in Ruby through 2.6.7 2.7.x through 2.7.3 and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command aka a "StartTLS stripping attack."
...
Exim <= 4.96 STARTTLS Vulnerability
Exim is prone to a vulnerability in STARTTLS. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exim:exim"; if description...
CVE-2021-38372
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS...
CVE-2021-38370
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
CVE-2021-38373
In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...
CVE-2021-38373
In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...
CVE-2021-38371
The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...
CVE-2021-38372
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS...
CVE-2021-38370
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
CVE-2021-38371
The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...
CVE-2021-38371
The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...
CVE-2021-38372
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS...
CVE-2021-38371
The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...
Design/Logic Flaw
The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...
Design/Logic Flaw
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
Authentication flaw
In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...