* Security Bug: Alpine can be configured to start a secure connection using /tls - Erich/alpine - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Eduardo Chappa <chappa@washington.edu>	2020-06-18 03:25:29 -0600
committer	Eduardo Chappa <chappa@washington.edu>	2020-06-18 03:25:29 -0600
commit	000edd9036b6aea5e6a06900ecd6c58faec665ab (patch)
tree	cb0e40cf17e1c6e3b1f69cb02fe1ef364e605d1a /imap/src/mlock
parent	5cba97d032b16b89a6f73d5841e55bf13672f921 (diff)
download	alpine-000edd9036b6aea5e6a06900ecd6c58faec665ab.tar.xz

* Security Bug: Alpine can be configured to start a secure connection using /tls

on an insecure connection. However, if the connection is PREAUTH, Alpine will not upgrade the connection to a secure connection, because a client must not issue a STARTTLS to a server that supports it in authenticated state. This makes Alpine continue to use an insecure connection with the server, exposing user data. Reported by Damian Poddebniak and Fabian Ising, from Münster University of Applied Sciences.

Diffstat (limited to 'imap/src/mlock')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: