Bug #322: STARTTLS can be stripped and Sylpheed will proceed in plaintext leaking the user credentials. - Sylpheed

Bug #322

STARTTLS can be stripped and Sylpheed will proceed in plaintext leaking the user credentials.

Added by Damian Poddebniak about 2 years ago. Updated 4 months ago.

Status:

New

Priority:

High

Assignee:

-

Category:

Security

Target version:

Start date:

05/30/2020

Due date:

% Done:

0%

Estimated time:

Description

Configure an IMAP server such that Sylpheed can connect via STARTTLS. When an attacker strips the STARTTLS capability from the server greeting and the response to the capability command, Sylpheed will not issue the STARTTLS command anymore and proceed with the login in plaintext.

#1

Updated by Damian Poddebniak over 1 year ago

As this issue has not been assigned for over 8 months, I wondered if this is recognized as a security issue?

#2

Updated by Bogisich Gaston over 1 year ago

Damian Poddebniak wrote:

As this issue has not been assigned for over 8 months, I wondered if this is recognized as a security issue?

I am also facing exact same issue. Is your issue resloved? any recommendation how to solve this issue.? Can any one please help?

https://www.myfordbenefits.us/

#3

Updated by john bond 10 months ago

Interesting topic for a blog. I have been searching the Internet for fun and came upon your website. Fabulous post. Thanks a ton for sharing your knowledge! It is great to see that some people still put in an effort into managing their websites. I'll be sure to check back again real soon.
https://abbicare.com.au/
https://www.miningbusiness.net/
https://getweightfast.com

#4

Updated by replica watches 4 months ago

https://www.bestwatchaaa.com/Ebel-replica.html replica https://www.hotwatchsreplica.com/Ulysse-Nardin.html https://www.bestwatchss.com/Glashutte-Replica-Watches.html https://www.bestwatchss.com/A-Lange-Sohne-Replica-Watches.html https://www.replicawatchsshop.cc/Corum-Replica.html are https://www.replicawatchsshop.cc/Piaget-Replica.html https://www.hotwatchsreplica.com/Zenith.html https://www.hotwatchsreplica.com/Panerai.html https://www.hotwatchsreplica.com/IWC.html https://www.replicawatchsshop.cc/Girard-Perregaux-Replica.html https://www.luxuryshopwatch.com/ https://www.bestwatchaaa.com/Jaeger-LeCoultre-replica.html https://www.hotwatchsreplica.com/Hermes.html online https://www.bestwatchss.com/SevenFriday-Replica-Watches.html https://www.allshopwatch.com/Arnold-Son-a-hot.html https://www.hotwatchsreplica.com/Corum.html https://www.allshopwatch.com/Gevril-a-hot.html https://www.bestwatchss.com/IWC-Replica-Watches.html http://www.classicwatchess.com/ https://www.bestwatchaaa.com/U-Boat-replica.html https://www.bestwatchaaa.com/Patek-Philippe-replica.html https://www.bestwatchaaa.com/Bell-Ross-replica.html price https://www.replicawatchsshop.cc/Breitling-Replica.html https://www.allshopwatch.com/Audemars-Piguet-a-hot.html https://www.hotwatchsreplica.com/Hublot.html https://www.hotwatchsreplica.com/Anonimo.html https://www.bestwatchaaa.com/Corum-replica.html https://www.hotwatchsreplica.com/MontBlanc.html https://www.bestwatchss.com/Alain-Silberstein-Replica-Watches.html https://www.bestwatchss.com/Zenith-Replica-Watches.html https://www.allshopwatch.com/A.-Lange-Sohne-a-hot.html https://www.hotwatchsreplica.com/ https://www.replicawatchsshop.cc/ https://www.bestwatchaaa.com/Glashutte-Original-replica.html https://www.bestwatchaaa.com/Breguet-replica.html similar https://www.allshopwatch.com/Movado-a-hot.html the https://www.hotwatchsreplica.com/girard-perregaux.html ones.

Also available in: Atom PDF