STARTTLS can be stripped and Sylpheed will proceed in plaintext leaking the user credentials.
Configure an IMAP server such that Sylpheed can connect via STARTTLS. When an attacker strips the STARTTLS capability from the server greeting and the response to the capability command, Sylpheed will not issue the STARTTLS command anymore and proceed with the login in plaintext.
Updated by Bogisich Gaston over 1 year ago
Damian Poddebniak wrote:
As this issue has not been assigned for over 8 months, I wondered if this is recognized as a security issue?
I am also facing exact same issue. Is your issue resloved? any recommendation how to solve this issue.? Can any one please help?
Updated by john bond about 1 year ago
Interesting topic for a blog. I have been searching the Internet for fun and came upon your website. Fabulous post. Thanks a ton for sharing your knowledge! It is great to see that some people still put in an effort into managing their websites. I'll be sure to check back again real soon.
Updated by replica watches 9 months ago
https://www.bestwatchaaa.com/Ebel-replica.html replica https://www.hotwatchsreplica.com/Ulysse-Nardin.html https://www.bestwatchss.com/Glashutte-Replica-Watches.html https://www.bestwatchss.com/A-Lange-Sohne-Replica-Watches.html https://www.replicawatchsshop.cc/Corum-Replica.html are https://www.replicawatchsshop.cc/Piaget-Replica.html https://www.hotwatchsreplica.com/Zenith.html https://www.hotwatchsreplica.com/Panerai.html https://www.hotwatchsreplica.com/IWC.html https://www.replicawatchsshop.cc/Girard-Perregaux-Replica.html https://www.luxuryshopwatch.com/ https://www.bestwatchaaa.com/Jaeger-LeCoultre-replica.html https://www.hotwatchsreplica.com/Hermes.html online https://www.bestwatchss.com/SevenFriday-Replica-Watches.html https://www.allshopwatch.com/Arnold-Son-a-hot.html https://www.hotwatchsreplica.com/Corum.html https://www.allshopwatch.com/Gevril-a-hot.html https://www.bestwatchss.com/IWC-Replica-Watches.html http://www.classicwatchess.com/ https://www.bestwatchaaa.com/U-Boat-replica.html https://www.bestwatchaaa.com/Patek-Philippe-replica.html https://www.bestwatchaaa.com/Bell-Ross-replica.html price https://www.replicawatchsshop.cc/Breitling-Replica.html https://www.allshopwatch.com/Audemars-Piguet-a-hot.html https://www.hotwatchsreplica.com/Hublot.html https://www.hotwatchsreplica.com/Anonimo.html https://www.bestwatchaaa.com/Corum-replica.html https://www.hotwatchsreplica.com/MontBlanc.html https://www.bestwatchss.com/Alain-Silberstein-Replica-Watches.html https://www.bestwatchss.com/Zenith-Replica-Watches.html https://www.allshopwatch.com/A.-Lange-Sohne-a-hot.html https://www.hotwatchsreplica.com/ https://www.replicawatchsshop.cc/ https://www.bestwatchaaa.com/Glashutte-Original-replica.html https://www.bestwatchaaa.com/Breguet-replica.html similar https://www.allshopwatch.com/Movado-a-hot.html the https://www.hotwatchsreplica.com/girard-perregaux.html ones.
Easily, the article is actually the best topic on this registry related issue. I fit in with your conclusions and will eagerly look forward to your next updates. Just saying thanks will not just be sufficient, for the fantasti c lucidity in your writing. I will instantly grab your rss feed to stay informed of any updates. Scam Risk