CVE-2017-15042

EPSS 0.18%

Cleartext transmission of credentials in net/smtp

發布日:2022/1/7修改日:2024/5/20

也稱為:GO-2021-0178

描述

SMTP clients using net/smtp can use the PLAIN authentication scheme on network connections not secured with TLS, exposing passwords to man-in-the-middle SMTP servers.

受影響套件(1)

Go/stdlib>= 1.1.0-0, < 1.8.4, >= 1.9.0-0, < 1.9.1

參考連結(4)

PATCHhttps://go.dev/cl/68170
PATCHhttps://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d790
REPORThttps://go.dev/issue/22134
WEBhttps://groups.google.com/g/golang-dev/c/RinSE3EiJBI/m/kYL7zb07AgAJ