reports/GO-2021-0178.yaml - vulndb - Git at Google

 module: std
 package: net/smtp
 versions:
 - introduced: go1.1
   fixed: go1.8.4
 - introduced: go1.1
   fixed: go1.9.1
 description: |
   SMTP clients using net/smtp can use the PLAIN authentication scheme on
   network connections not secured with TLS, exposing passwords to
   man-in-the-middle SMTP servers.
 cves:
 - CVE-2017-15042
 credit: Stevie Johnstone
 symbols:
 - plainAuth.Start
 links:
   pr: https://go.dev/cl/68170
   commit: https://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d790
   context:
   - https://go.dev/issue/22134
   - https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
 published: 2022-01-07T20:35:00Z
	module: std
	package: net/smtp
	versions:
	- introduced: go1.1
	fixed: go1.8.4
	- introduced: go1.1
	fixed: go1.9.1
	description: \|
	SMTP clients using net/smtp can use the PLAIN authentication scheme on
	network connections not secured with TLS, exposing passwords to
	man-in-the-middle SMTP servers.
	cves:
	- CVE-2017-15042
	credit: Stevie Johnstone
	symbols:
	- plainAuth.Start
	links:
	pr: https://go.dev/cl/68170
	commit: https://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d790
	context:
	- https://go.dev/issue/22134
	- https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
	published: 2022-01-07T20:35:00Z