STARTTLS Vulnerabilities Affect Major Email Servers and Clients  

Security researchers have discovered around 40 flaws in a TLS encryption mechanism that affects various email clients and servers. The exploitation of these flaws could result in targeted Man-in-the-Middle (MitM) attacks in which mailbox content is falsified and credentials are stolen.

The vulnerabilities were found in multiple STARTTLS implementations and were described by a group of researchers at the 30th USENIX Security Symposium.

In light of the severity of the flaws, the researchers recommend configuring email clients to use SMTP, IMAP, and POP3 with implicit TLS on the dedicated ports (465, 993 and 995, respectively) and enabling implicit TLS by default.
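The recommendation above can be checked against a client's account settings. The following is an added example, not code from the researchers: the settings schema and host names are hypothetical, and the sample data is constructed. It flags any service not using implicit TLS, produces the corrected settings, and shows how the Python standard library opens an implicit-TLS connection with certificate verification.

```python
import imaplib
import poplib
import smtplib
import ssl

# Dedicated implicit-TLS ports named in the recommendation.
IMPLICIT_TLS_PORT = {"smtp": 465, "imap": 993, "pop3": 995}

# Constructed sample settings (hypothetical host names and schema).
SAMPLE_SERVICES = {
    "smtp": {"host": "mail.example.test", "port": 587, "security": "starttls"},
    "imap": {"host": "mail.example.test", "port": 993, "security": "tls"},
    "pop3": {"host": "mail.example.test", "port": 110, "security": "none"},
}

def audit(services):
    """Return (findings, corrected settings) for one account's services."""
    findings, corrected = [], {}
    for proto, cfg in services.items():
        if cfg["security"] == "tls":
            corrected[proto] = dict(cfg)  # already implicit TLS, keep as is
            continue
        port = IMPLICIT_TLS_PORT[proto]
        findings.append(f"{proto}: '{cfg['security']}' on port {cfg['port']}, "
                        f"switch to implicit TLS on port {port}")
        corrected[proto] = {**cfg, "port": port, "security": "tls"}
    return findings, corrected

def connect_implicit_tls(proto, host, port=None, timeout=10):
    """Open a client whose TLS handshake precedes any protocol data."""
    ctx = ssl.create_default_context()  # verifies certificate and host name
    port = port or IMPLICIT_TLS_PORT[proto]
    if proto == "smtp":
        return smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    if proto == "imap":
        return imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=timeout)
    if proto == "pop3":
        return poplib.POP3_SSL(host, port, timeout=timeout, context=ctx)
    raise ValueError(f"unsupported protocol: {proto}")

if __name__ == "__main__":
    findings, corrected = audit(SAMPLE_SERVICES)
    print("\n".join(findings))
    print(corrected)
```

`connect_implicit_tls` needs a reachable mail server, so the demo at the bottom only runs the offline audit.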

To Read More: cyware
