blob: f3263c6022aa17016493c820dee4c5aa3b701a5f [file] [log] [blame]
packages:
- module: std
package: net/smtp
symbols:
- plainAuth.Start
versions:
- introduced: 1.1.0
fixed: 1.8.4
- introduced: 1.9.0
fixed: 1.9.1
description: |
SMTP clients using net/smtp can use the PLAIN authentication scheme on
network connections not secured with TLS, exposing passwords to
man-in-the-middle SMTP servers.
published: 2022-01-07T20:35:00Z
cves:
- CVE-2017-15042
credit: Stevie Johnstone
links:
pr: https://go.dev/cl/68170
commit: https://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d790
context:
- https://go.dev/issue/22134
- https://groups.google.com/g/golang-dev/c/RinSE3EiJBI/m/kYL7zb07AgAJ