
Microsoft Outlook Express SMTP Over TLS Information Disclosure Vulnerability

by Nikola Strahija on July 21st, 2002

Microsoft Outlook Express is a mail client for the Microsoft Windows operating system. Outlook Express includes support for secure SMTP communications using TLS, as defined in RFC 2487. Under TLS, it is possible for a client and server to successfully negotiate an encrypted connection without authentication. In this case, transmitted data will be properly encrypted, but the identities of the client and server are not securely established.


Reportedly, Outlook Express does not report this condition to the end user. Sensitive information may be disclosed to a malicious server as the SMTP conversation continues, including SMTP AUTH credentials.

This behavior has been reported in Outlook Express. It is possible, however, that additional SMTP clients share this behavior.

Remote: Yes

Exploit: No
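The check the advisory says is not surfaced to the user, written as an added example for a client built on Python's smtplib (not code from the advisory or from Microsoft): the client sends SMTP AUTH only after the TLS session has authenticated the server. The names `strict_context`, `auth_allowed` and `submit`, and the host, port and credential parameters, are assumptions made for illustration.

```python
import smtplib
import ssl

# OpenSSL names for anonymous key exchange: traffic is encrypted, nobody is authenticated.
ANON_PREFIXES = ("ADH-", "AECDH-")


def strict_context():
    """Client context that demands a CA-verified certificate matching the host name."""
    return ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True


def auth_allowed(ctx, cipher_name):
    """Decide whether credentials may be sent; returns (ok, reason)."""
    if cipher_name is None:
        return False, "no TLS session"
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        return False, "server certificate not verified"
    if not ctx.check_hostname:
        return False, "certificate not bound to host name"
    if cipher_name.startswith(ANON_PREFIXES):
        return False, "anonymous cipher suite"
    return True, "server authenticated"


def submit(host, port, user, password, sender, rcpt, message, ctx=None):
    """Send one message, issuing AUTH only after the server is authenticated."""
    ctx = ctx or strict_context()
    with smtplib.SMTP(host, port, timeout=30) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            raise RuntimeError("STARTTLS not offered; refusing to send AUTH")
        s.starttls(context=ctx)  # a bad certificate raises ssl.SSLCertVerificationError
        s.ehlo()  # RFC 2487: discard pre-TLS state and re-issue EHLO
        cipher = s.sock.cipher()  # (name, protocol, bits) or None
        ok, reason = auth_allowed(ctx, cipher[0] if cipher else None)
        if not ok:
            raise RuntimeError("refusing to send AUTH: " + reason)
        s.login(user, password)
        s.sendmail(sender, rcpt, message)
```

`auth_allowed` can also be run against an existing client's context to confirm that certificate verification and host name checking have not been switched off.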

