On Tue, Mar 08, 2011 at 06:26:47PM -0800, Quanah Gibson-Mount wrote:
>
>
> --On March 8, 2011 10:20:21 AM -0800 Walter Smith <whatis...@yahoo.com>
> wrote:
>
>>
>> Hi there!
>>
>> How severe this bug is?
>
> The CVE gave it 1.39 out of a possible 180 points. Or < 2%.
>
> It will of course be addressed in a later Zimbra release.
Sites operating a STARTTLS submission service for MSAs that use AUTH
PLAIN, may want to upgrade if their users frequent public wifi hotspots,
... where MITM attacks are relatively easy to stage. There may well be
softer targets than port 587, but I think it is prudent to close this
gap. At least one large free mailbox provider has already fixed their
previously vulnerable submission service.
--
Viktor.
