New STARTTLS Flaws Spotted Affecting Popular Email Clients

This article has been indexed from Softpedia News / Security

40 different vulnerabilities related to opportunistic encryption in email clients and servers, which could allow an intruder to spoof mailbox contents and steal credentials, have been identified and resolved during the 30th USENIX Security Symposium.

The Hacker News reports that Sebastian Schinzel, Damian Poddebniak, Fabian Ising, and Hanno Boeck highlighted the issues, which have since been resolved. Their study involved 320,000 email servers, most of them susceptible to command injection attacks. Some known vulnerable clients include Gmail, Mozilla Thunderbird, Samsung Email, Apple Mail, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Yandex, and KMail.

STARTTLS is a form of opportunistic TLS that lets email communication protocols such as SMTP, POP3, and IMAP upgrade from a plain-text connection to an encrypted one, witho…
