Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3621851 by bonaire
Libcurl connection reuse for cleartext-upgrade mail protocols does not include the later transfer's CURLOPT_USE_SSL. If a plaintext connection to one of these protocols is already open and reusable, a later transfer that explicitly requires STARTTLS can incorrectly reuse that plaintext connection.
This affects smtp://, pop3://, and imap://
Start the server:
python3 ./server.py --port 2525
No comments yet.
Be the first to share your thoughts
Log in to join the discussion.
Sign In