| commit | 000edd9036b6aea5e6a06900ecd6c58faec665ab | |
| author | Eduardo Chappa <chappa@washington.edu> | |
| Thu, 18 Jun 2020 09:25:29 +0000 (18 03:25 -0600) | ||
| committer | Eduardo Chappa <chappa@washington.edu> | |
| Thu, 18 Jun 2020 09:25:29 +0000 (18 03:25 -0600) | ||
| tree | cb0e40cf17e1c6e3b1f69cb02fe1ef364e605d1a | treesnapshot (tar.gz zip) |
| parent | 5cba97d032b16b89a6f73d5841e55bf13672f921 | commitdiff |
* Security Bug: Alpine can be configured to start a secure connection using /tls
on an insecure connection. However, if the connection is PREAUTH, Alpine
will not upgrade the connection to a secure connection, because a client
must not issue a STARTTLS to a server that supports it in authenticated
state. This makes Alpine continue to use an insecure connection with the
server, exposing user data. Reported by Damian Poddebniak and Fabian
Ising, from Münster University of Applied Sciences.
on an insecure connection. However, if the connection is PREAUTH, Alpine
will not upgrade the connection to a secure connection, because a client
must not issue a STARTTLS to a server that supports it in authenticated
state. This makes Alpine continue to use an insecure connection with the
server, exposing user data. Reported by Damian Poddebniak and Fabian
Ising, from Münster University of Applied Sciences.
| imap/src/c-client/imap4r1.c | diffblobblamehistory | |
| pith/pine.hlp | diffblobblamehistory |