Atacker can inject cleartext commands before TLS phase.
vulners.com/securityvulns/securityvulns:doc:25899
vulners.com/securityvulns/securityvulns:doc:26393
vulners.com/securityvulns/securityvulns:doc:28594