search for: poddebniak

...rt confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-05-21 Solution date: 2021-05-22 Public disclosure: 2021-06-21 CVE reference: CVE-2021-33515 CVSS: 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) Researcher credit: Fabian Ising and Damian Poddebniak of M?nster University of Applied Sciences Vulnerability Details: On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected. Risk: Attacker can potentially steal user c...

...rt confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-05-21 Solution date: 2021-05-22 Public disclosure: 2021-06-21 CVE reference: CVE-2021-33515 CVSS: 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) Researcher credit: Fabian Ising and Damian Poddebniak of M?nster University of Applied Sciences Vulnerability Details: On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected. Risk: Attacker can potentially steal user c...