Mail does not verify IMAP/SMTP host connected via TLS
Medium
Vulnerability Details
The Mail app should verify that the servers it connects to are listed in the certificate's CN. Otherwise the connection should be aborted.
Originally reported at https://github.com/nextcloud/mail/issues/308
## Impact
The app could be forced into connecting to an insecure server.
Actions
View on HackerOneReport Stats
- Report ID: 803734
- State: Closed
- Substate: resolved
- Upvotes: 8