Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Plaintext injection in STARTTLS (multiple implementations)
Mar 07 2011 08:46PM
Wietse Venema (wietse porcupine org)
This is a writeup about a flaw that I found recently, and that
existed in multiple implementations of SMTP (Simple Mail Transfer
Protocol) over TLS (Transport Layer Security) including my Postfix
open source mailserver. I give an overview of the problem and its
impact, how to find out if a server is...
[ more ]
Copyright 2010, SecurityFocus