Bug #322
STARTTLS can be stripped and Sylpheed will proceed in plaintext leaking the user credentials.
0%
Description
Configure an IMAP server such that Sylpheed can connect via STARTTLS. When an attacker strips the STARTTLS capability from the server greeting and the response to the capability command, Sylpheed will not issue the STARTTLS command anymore and proceed with the login in plaintext.
Updated by Damian Poddebniak 12 months ago
As this issue has not been assigned for over 8 months, I wondered if this is recognized as a security issue?
Updated by Bogisich Gaston 10 months ago
Damian Poddebniak wrote:
As this issue has not been assigned for over 8 months, I wondered if this is recognized as a security issue?
I am also facing exact same issue. Is your issue resloved? any recommendation how to solve this issue.? Can any one please help?
Updated by john bond 4 months ago
Interesting topic for a blog. I have been searching the Internet for fun and came upon your website. Fabulous post. Thanks a ton for sharing your knowledge! It is great to see that some people still put in an effort into managing their websites. I'll be sure to check back again real soon.
https://abbicare.com.au/
https://www.miningbusiness.net/
https://getweightfast.com