CVE-2020-37248: Starttls Silent Downgrade
greprules fetch cve-2020-37248-starttls-silent-downgrade --engine opengrep

Description

The code checks for the 'STARTTLS' capability and silently returns or passes if it is missing. This enables a STRIPTLS attack, where a Man-In-The-Middle (MitM) attacker intercepts the initial connection and removes 'STARTTLS' from the server's capabilities response. The application will silently downgrade to a cleartext connection, exposing sensitive informa
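As an added illustration (not code from the rule page or the greprules project), the flagged pattern beside its fail-closed counterpart in Python. The EHLO replies, the helper names (parse_ehlo, vulnerable_upgrade, hardened_upgrade, upgrade_refused, secure_smtp_session) and the host name are constructed for this example; only smtplib's has_extn() and starttls() are real library calls.

```python
"""Silent STARTTLS downgrade: vulnerable check next to a fail-closed one.

The EHLO replies below are constructed; the second is what a client sees
after a MitM has removed the STARTTLS line from the server's advertisement.
"""
import smtplib
import ssl

EHLO_WITH_STARTTLS = (
    b"250-mail.example.test Hello client\r\n"
    b"250-SIZE 35882577\r\n"
    b"250-STARTTLS\r\n"
    b"250 8BITMIME\r\n"
)
EHLO_STRIPPED = (
    b"250-mail.example.test Hello client\r\n"
    b"250-SIZE 35882577\r\n"
    b"250 8BITMIME\r\n"
)


class DowngradeError(Exception):
    """Raised when STARTTLS is not offered and we refuse to continue in cleartext."""


def parse_ehlo(reply: bytes) -> dict:
    """Turn a multi-line 250 EHLO reply into {EXTENSION: params}.

    Mirrors what smtplib stores in SMTP.esmtp_features (smtplib uses
    lowercase keys; this helper uses uppercase).
    """
    features = {}
    lines = reply.decode("ascii", "replace").splitlines()
    for line in lines[1:]:          # first line is the greeting, not an extension
        body = line[4:].strip()     # drop the "250-" / "250 " prefix
        if not body:
            continue
        name, _, params = body.partition(" ")
        features[name.upper()] = params
    return features


def vulnerable_upgrade(features: dict) -> bool:
    """The flagged pattern: silently carry on in cleartext when STARTTLS is absent."""
    if "STARTTLS" not in features:
        return False                # nothing raised; the caller never learns the session is plaintext
    return True                     # caller would now issue STARTTLS


def hardened_upgrade(features: dict) -> bool:
    """Fail closed: a missing STARTTLS advertisement aborts the session."""
    if "STARTTLS" not in features:
        raise DowngradeError("server did not advertise STARTTLS; refusing cleartext session")
    return True


def upgrade_refused(features: dict) -> bool:
    """True if the hardened check aborts for these features (used by the test below)."""
    try:
        hardened_upgrade(features)
    except DowngradeError:
        return True
    return False


def secure_smtp_session(host: str, port: int = 587) -> smtplib.SMTP:
    """Fail-closed STARTTLS against a live server (not exercised offline).

    has_extn() and starttls() are real smtplib methods; smtplib keys its
    feature table in lowercase, hence has_extn("starttls").
    """
    smtp = smtplib.SMTP(host, port)
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        smtp.close()
        raise DowngradeError(f"{host}:{port} did not advertise STARTTLS")
    # create_default_context() verifies the certificate chain and host name.
    smtp.starttls(context=ssl.create_default_context())
    smtp.ehlo()                     # capabilities must be re-read after the TLS upgrade
    return smtp


if __name__ == "__main__":
    stripped = parse_ehlo(EHLO_STRIPPED)
    print("vulnerable path continues in cleartext:", vulnerable_upgrade(stripped) is False)
    print("hardened path refuses:", upgrade_refused(stripped))
```

The second EHLO after starttls() matters as well: extensions advertised before the upgrade came over cleartext and could have been altered, so a client should only trust the list it reads inside the TLS session.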