Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210810134156.GF1599104@hal>
Date: Tue, 10 Aug 2021 15:41:56 +0200
From: Guido Berhoerster <guido+openwall.com@...hoerster.name>
To: oss-security@...ts.openwall.com
Subject: Re: STARTTLS vulnerabilities

Hi,

have you or are you planning to look into XMPP client/server
implementations as well?  The use of STARTTLS for both c2s and s2s
connections is still prevalent both in terms of implementation
support and actual practice and could potentially suffer form the
same issues (command injection or downgrade attacks).
-- 
Guido Berhoerster

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.