CVE-2021-22947: STARTTLS protocol injection via MITM

Disclosed: 2021-09-24 13:14:53 By monnerat To curl
Medium
Vulnerability Details
## Summary:
A man-in-the-middle can inject cleartext forged responses to future encrypted commands by pipelining them to the STARTTLS response.

## Steps To Reproduce:
Use the attached test case within the curl test system. It is based on IMAP FETCH with explicit TLS. Upon test failure, the downloaded file contains "You've been hacked!" rather than the requested mail.

## Impact
Mailbox content forgery (IMAP, POP3). Sent mail content forgery (SMTP).
Report Stats
  • Report ID: 1334763
  • State: Closed
  • Substate: resolved
  • Upvotes: 7
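
The report above turns on cleartext bytes that arrive together with the STARTTLS reply and stay in the client's receive buffer across the TLS upgrade. The following C sketch is an added example, not code from the report or from curl: it shows a check a client can run on that buffer before starting the handshake. All function and enum names, the IMAP tag `A002` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Result of inspecting the cleartext receive buffer at the STARTTLS step. */
enum starttls_result {
  STARTTLS_INCOMPLETE, /* no complete response line yet: keep reading */
  STARTTLS_REFUSED,    /* first line is not "<tag> OK": do not upgrade */
  STARTTLS_PROCEED,    /* exactly one response line: start the handshake */
  STARTTLS_PIPELINED   /* cleartext follows the response: drop connection */
};

/* Index just past the first CRLF in buf, or 0 when there is none. */
static size_t first_line_end(const char *buf, size_t len)
{
  for(size_t i = 0; i + 1 < len; i++)
    if(buf[i] == '\r' && buf[i + 1] == '\n')
      return i + 2;
  return 0;
}

/* Bytes an unchecked client would keep cached and parse after the upgrade. */
size_t unchecked_leftover(const char *buf, size_t len)
{
  size_t end = first_line_end(buf, len);
  return end ? len - end : 0;
}

/* buf: all cleartext read since STARTTLS was sent with `tag` (hypothetical
   helper; assumes the tagged reply is the first line in the buffer). */
enum starttls_result starttls_check(const char *buf, size_t len, const char *tag)
{
  size_t taglen = strlen(tag);
  size_t end = first_line_end(buf, len);
  if(!end)
    return STARTTLS_INCOMPLETE;
  if(end < taglen + 5 || memcmp(buf, tag, taglen) != 0 ||
     memcmp(buf + taglen, " OK", 3) != 0 ||
     (buf[taglen + 3] != ' ' && buf[taglen + 3] != '\r'))
    return STARTTLS_REFUSED;
  return end == len ? STARTTLS_PROCEED : STARTTLS_PIPELINED;
}

int main(void)
{
  /* Constructed sample: a second, cleartext reply rides on the STARTTLS one. */
  const char *rx = "A002 OK Begin TLS negotiation now\r\nA003 OK forged\r\n";
  printf("%d %zu\n", starttls_check(rx, strlen(rx), "A002"),
         unchecked_leftover(rx, strlen(rx)));
  return 0;
}
```

Treating `STARTTLS_PIPELINED` as a fatal connection error, rather than silently discarding the extra bytes, also gives operators a signal that the cleartext phase was tampered with.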