Kontact is vulnerable to NO STARTTLS
Sandro Knauß
sknauss at kde.org
Fri Sep 10 20:28:26 BST 2021
Hey,
the security team of nostarttls [1] have found two vulnerabilities within
Kontact/Kmail:
#423423 - STARTTLS is ignored when "Server requires authentication" not
checked in UI
#423424 - Kmail "forces" the user to accept invalid TLS certificates
Regards,
hefee
[1] https://nostarttls.secvuln.info/