Vulnerability: Microsoft Outlook Express SMTP Over TLS Information Disclosure

  1. #1
    s0nIc

    Vulnerability: Microsoft Outlook Express SMTP Over TLS Information Disclosure

    Microsoft Outlook Express is a mail client for the Microsoft Windows operating system. Outlook Express includes support for secure SMTP communications using TLS, as defined in RFC 2487.

    Under TLS, it is possible for a client and server to successfully negotiate an encrypted connection without authentication. In this case, transmitted data will be properly encrypted, but the identities of the client and server are not securely defined.


    Reportedly, Outlook Express does not report this condition to the end user. Sensitive information may be disclosed to a malicious server as the SMTP conversation continues, including SMTP AUTH credentials.

    This behavior has been reported in Outlook Express. It is possible, however, that additional SMTP clients share this behavior.

    Remote: Yes

    Exploit: No

    Source: http://www.xatrix.org/article1734.html
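
As an added example (not part of the original post or the advisory it quotes), this is one way a Python SMTP client can refuse to send SMTP AUTH over a TLS session that is encrypted but unauthenticated. The function names and the stub session in the demo are assumptions made for illustration.

```python
import smtplib
import ssl

def strict_context():
    """TLS context that requires a verified server certificate and hostname match."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED + check_hostname=True
    ctx.set_ciphers("DEFAULT:!aNULL:!eNULL")  # never offer anonymous or null suites
    return ctx

def is_anonymous_suite(name):
    """Anonymous key exchange: OpenSSL names (ADH-, AECDH-) or IANA names (_anon_)."""
    return name.startswith(("ADH-", "AECDH-")) or "_anon_" in name

def safe_to_authenticate(tls_sock):
    """True only if the session is encrypted AND the server presented a certificate."""
    cipher = tls_sock.cipher()                # (name, protocol, bits), or None if no TLS
    if cipher is None or is_anonymous_suite(cipher[0]):
        return False
    return bool(tls_sock.getpeercert(binary_form=True))

def submit_login(host, port, user, password):
    """Upgrade with STARTTLS, then check the session before any credential is sent."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=strict_context())  # raises if the certificate fails to verify
        if not safe_to_authenticate(smtp.sock):
            raise ssl.SSLError("unauthenticated TLS session; refusing to send SMTP AUTH")
        smtp.login(user, password)

if __name__ == "__main__":
    class StubSession:
        """Constructed stand-in for an ssl.SSLSocket, so the demo runs offline."""
        def __init__(self, cipher, cert):
            self._cipher, self._cert = cipher, cert
        def cipher(self):
            return self._cipher
        def getpeercert(self, binary_form=False):
            return self._cert

    anonymous = StubSession(("ADH-AES128-SHA", "TLSv1", 128), None)
    verified = StubSession(("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128), b"\x30\x82")
    print("anonymous session safe for AUTH:", safe_to_authenticate(anonymous))
    print("verified session safe for AUTH:", safe_to_authenticate(verified))
```

The explicit `safe_to_authenticate` check is defence in depth: it still fails closed if someone later relaxes the context's verification settings.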

  2. #2
    Any known countermeasures, or must we wait for the patch?

  3. #3
    s0nIc
    Hmmm, well, a patch should be published soon... however, this vuln is just a theory... once it's practically done and proved, MS will issue a patch.

  4. #4
    Thank you.....tons of fun
