flask-mail

Susceptible to starttls stripping attack when run on older Python versions (CVE-2016-0772)

Open dgingrich opened this issue 8 years ago • 0 comments

smtplib in old Python versions doesn't check the response code of STARTTLS, allowing an attacker to force cleartext communication, see https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-0772 .

Patch in PR 135: https://github.com/mattupstate/flask-mail/pull/135

dgingrich Sep 09 '16 21:09
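A caller-side check for the condition reported above, as an added example (not flask-mail's code and not the patch in PR 135): it refuses to use the session unless STARTTLS was answered with 220 and the socket is actually wrapped in TLS. `require_starttls`, `StartTLSRefused`, `UnpatchedStub` and `check_stub` are hypothetical names, and the stub is a constructed stand-in for an affected `smtplib.SMTP` object.

```python
import smtplib
import ssl


class StartTLSRefused(Exception):
    """The session could not be upgraded to TLS; nothing may be sent on it."""


def require_starttls(conn, context=None):
    """Upgrade conn (smtplib.SMTP-like) to TLS or raise; never continue in cleartext."""
    if context is None:
        context = ssl.create_default_context()
    conn.ehlo_or_helo_if_needed()
    if not conn.has_extn("starttls"):
        # Missing from the EHLO reply: not offered, or removed in transit.
        raise StartTLSRefused("STARTTLS not advertised")
    try:
        code, reply = conn.starttls(context=context)
    except smtplib.SMTPException as exc:
        # A fixed smtplib raises on a non-220 reply.
        raise StartTLSRefused("STARTTLS failed: %r" % (exc,)) from exc
    if code != 220:
        # An affected smtplib returns the reply and leaves the socket in cleartext.
        raise StartTLSRefused("STARTTLS rejected: %s %r" % (code, reply))
    if not isinstance(conn.sock, ssl.SSLSocket):
        raise StartTLSRefused("socket was not wrapped in TLS")
    conn.ehlo()  # RFC 3207: discard pre-TLS state and greet again
    return conn


class UnpatchedStub:
    """Constructed stand-in: affected smtplib.SMTP whose peer answers 454."""
    sock = object()  # placeholder for a plain, non-TLS socket

    def ehlo_or_helo_if_needed(self):
        pass

    def has_extn(self, name):
        return name == "starttls"

    def starttls(self, context=None):
        return (454, b"TLS not available")  # returned, not raised


def check_stub():
    """Run the guard against the stub and report how the session was refused."""
    try:
        require_starttls(UnpatchedStub())
    except StartTLSRefused as exc:
        return str(exc)
    return "cleartext session accepted"
```

With a real server the call would be `require_starttls(smtplib.SMTP(host, port))` before any `login` or `sendmail`.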