module: std
package: net/smtp
versions:
  - introduced: go1.1
    fixed: go1.8.4
  - introduced: go1.1
    fixed: go1.9.1
description: |
  SMTP clients using net/smtp can use the PLAIN authentication scheme on
  network connections not secured with TLS, exposing passwords to
  man-in-the-middle SMTP servers.
published: 2022-01-07T20:35:00Z
cves:
  - CVE-2017-15042
credit: Stevie Johnstone
symbols:
  - plainAuth.Start
links:
  pr: https://go.dev/cl/68170
  commit: https://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d790
  context:
    - https://go.dev/issue/22134
    - https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ