
1063 matches found

Tenable Nessus
added 2014/06/13 12:0 a.m., 32 views

openSUSE Security Update : cyrus-imapd (openSUSE-SU-2011:0800-1)

cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands (CVE-2011-1926). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

CVSS 5.1, AI score 5.4, EPSS 0.03999
Exploits 0, References 3
OpenVAS
added 2014/06/10 12:0 a.m., 398 views

OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check)

OpenSSL is prone to a security bypass vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

CVSS 7.4, AI score 7, EPSS 0.95326
Exploits 9, References 1
ThreatPost
added 2014/05/13 1:30 p.m., 8 views

SMTP STARTTLS Deployments Better than Expected

As more service providers understand and embrace the importance of encrypting online communication, certain technologies are being elevated to the forefront of conversations. Perfect Forward Secrecy and HTTP Strict Transport Security (HSTS) are two that generally top most lists, but another, SMTP...

AI score 0.4
Exploits 0, References 2
OpenVAS
added 2014/04/25 12:0 a.m., 7 views

SSL/TLS: XMPP 'STARTTLS' Extension Detection

Checks if the remote XMPP server/client supports SSL/TLS with the Copyright (C) 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free...

AI score 7.1
Exploits 0, References 1
OpenVAS
added 2014/04/25 12:0 a.m., 12 views

SSL/TLS: NNTP 'STARTTLS' Command Detection

Checks if the remote NNTP server supports SSL/TLS with the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.1
Exploits 0, References 1
Packet Storm
added 2014/04/10 12:0 a.m., 105 views

OpenSSL Heartbeat (Heartbleed) Information Leak

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report CIPHERSUITES = 0xc014,...

CVSS 5, AI score 8.2, EPSS 0.99999
Exploits 87
0day.today
added 2014/04/10 12:0 a.m., 128 views

OpenSSL Heartbeat (Heartbleed) Information Leak Exploit

This Metasploit module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. This module requires Metasploit:...

CVSS 5, AI score 7.8, EPSS 0.99999
Exploits 87
exploitpack
added 2014/04/10 12:0 a.m., 109 views

OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (1)

OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak 1 / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information...

CVSS 5, AI score 8.2, EPSS 0.99999
Exploits 87
Exploit DB
added 2014/04/10 12:0 a.m., 105 views

OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (1)

/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...

CVSS 7.5, AI score 8.2, EPSS 0.99999
Exploits 87
GithubExploit
added 2014/04/09 3:59 p.m., 3 views

Exploit for Out-of-bounds Read in Openssl

HeartBleed Tester & Exploit --------------------------- NB Ne...

CVSS 7.5, AI score 7.7, EPSS 0.99999
Exploits 87
OpenVAS
added 2014/04/09 12:0 a.m., 14 views

SSL/TLS: IMAP 'STARTTLS' Command Detection

Checks if the remote IMAP server supports SSL/TLS with the Copyright (C) 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...

AI score 0.3
Exploits 0, References 1
Hacker One
added 2014/04/08 5:9 p.m., 14 views

HackerOne: (lack of) smtp transport layer security

Hi, It appears that email messages from the platform are sent via plain SMTP even though the receiving MX supports ESMTPS (the use of ESMTP when STARTTLS is also successfully negotiated) to provide a strong transport encryption layer. This allows for eavesdropping along the path between the...

AI score 1.2
Exploits 0
OpenVAS
added 2014/04/08 12:0 a.m., 232 views

Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability

Multiple vendors SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103935";...

CVSS 6.8, AI score 9.4, EPSS 0.33341
Exploits 2, References 17
Prion
added 2014/03/21 10:55 a.m., 15 views

Command injection

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS comman...

CVSS 4.3, AI score 6.9, EPSS 0.00981
Exploits 1, References 2, Affected Software 1
CVE
added 2014/03/21 10:0 a.m., 43 views

CVE-2014-2567

The vulnerability CVE-2014-2567 affects Trojita prior to 0.4.1. The issue is in OpenConnectionTask::handleStateHelper in Trojita’s IMAP code, where a PREAUTH response can be exploited by a man-in-the-middle to force saving a message into the sent or draft folder over plaintext, bypassing STARTTLS...

CVSS 4.3, AI score 6.5, EPSS 0.00981
Exploits 1, References 2, Affected Software 1
The Hacker News
added 2014/03/14 5:49 a.m., 13 views

Twitter enables StartTLS for Secure Emails to prevent Snooping

TWITTER is taking users' privacy and security very seriously and in an effort to prevent Government snooping, the company has secured your Twitter emails with TLS (Transport Layer Security). Twitter emails were previously using a plain text communication protocol, that now has been upgraded to...

AI score 6.7
Exploits 0
ThreatPost
added 2013/11/20 2:36 p.m., 4 views

EFF Encrypt the Web Report Shows Crypto Leaders, Laggards

There’s nothing like a little peer pressure to nudge someone toward doing the right thing. That’s the philosophy behind the Electronic Frontier Foundation’s Encrypt the Web Report, which examines the encryption capabilities of 18 leading Internet companies, including large carriers, social...

AI score 6.8
Exploits 0, References 2
Tenable Nessus
added 2013/07/04 12:0 a.m., 669 views

Microsoft SQL Server STARTTLS Support

The remote Microsoft SQL Server service supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel. TRUSTED...

AI score 5.8
Exploits 0, References 1
Kitploit
added 2013/03/13 6:38 p.m., 26 views

[SSLyze v0.6] SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Features SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility...

AI score 7.4
Exploits 0, References 1
Tenable Nessus
added 2013/01/25 12:0 a.m., 22 views

SuSE 11.2 Security Update : inn (SAT Patch Number 6774)

A STARTTLS injection issue has been fixed in inn. CVE-2012-3523 was assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright (C) Novell, Inc...

CVSS 6.8, AI score 5.2, EPSS 0.03233
Exploits 0, References 3