It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security (TLS) encryption was started after issuing a STARTTLS command. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and silently bypass TLS encryption....

#Update

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

USN-8431-1: Ruby vulnerabilities

VERWANDTEARTIKEL

OptinMonster WordPress plugin hacked in CDN supply-chain attack

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks

DPAPISnoop Tool Extracts CREDHIST Hashes for Offline Windows Credential Recovery

Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users

Autonome KI-Agenten erhöhen die Angriffsfläche in Unternehmen

Chinese Hackers Target Medical, Military, and AI Research in North America