Bugtraq mailing list archives
Re: Mozilla Thunderbird SMTP down-negotiation weakness
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 26 Oct 2005 22:35:27 +1300
Thomas Henlich wrote:
Sequence of attack - S sends EHLO response with STARTTLS advertisement. - A4 discards S's STARTTLS advertisement. - PLAIN authentication takes place. - A4 can read cleartext password. RESOLUTION For A1-A3 no resolution is known. For A4, set user preference to enforce TLS.
Comment about A4.Thunderbird explicitly allows you "TLS, if available" - which appears to be what you refer to. However, there is a "TLS" - which means only do TLS - and alert if the TLS certificate presented doesn't match a known one (which would happen in a MITM).
Are you referring to a bug in their "TLS" mode - or implying that "TLS, if available" is somehow not... what it says it is...???
Doesn't sound like a hole to me. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Current thread:
- Mozilla Thunderbird SMTP down-negotiation weakness Thomas Henlich (Oct 25)
- Re: Mozilla Thunderbird SMTP down-negotiation weakness Jason Haar (Oct 26)
- Re: Mozilla Thunderbird SMTP down-negotiation weakness Tony Finch (Oct 26)
- Re: Mozilla Thunderbird SMTP down-negotiation weakness Bob Beck (Oct 29)
- Re: Mozilla Thunderbird SMTP down-negotiation weakness Jason Haar (Oct 29)
- Re: Mozilla Thunderbird SMTP down-negotiation weakness Tony Finch (Oct 26)
- Re: Mozilla Thunderbird SMTP down-negotiation weakness Jason Haar (Oct 26)