WHAT IS STARTTLS? HOW STARTTLS VULNERABILITIES AFFECT POPULAR EMAIL CLIENTS?
Transport Layer Security (TLS) is one of the best-analyzed and most widely used encryption technologies. They conclude that STARTTLS is vulnerable and should be avoided due to being under-specified in the standards. However, there are still hundreds of thousands of email servers and millions of email clients that support STARTTLS.
1. What Is STARTTLS?
2. How STARTTLS Vulnerabilities Affect Popular Email Clients?
3. Attacks Prone To STARTTLS Vulnerabilities
3.1. #1. STARTTLS Command Injection Attack
3.2. #2. STARTTLS Response Injection Attack
3.3. #3. PREAUTH Command
3.4. #4. Malicious Redirects
4. How STARTTLS vulnerabilities affect popular email servers?
4.1. 1. Stealing login Credentials With IMAP And SMTP
4.2. 2. Mailbox Content Forgery
4.3. 3. IMAP Connection Downgrade
5. How You Can Protect From STARTTLS Attacks?
5.1. #1. Recommendations For Email Client Users
5.2. #2. Recommendations For Mail Server Administrators
5.3. #3. Recommendation For Application Developers
6. Tools To Test STARTTLS Vulnerabilities
6.1. Tools To Test Email Servers
6.2. Tool To Test Email Clients
Table of Contents :