Subj : . To : All From : August Abolins Date : Thu Apr 27 2023 08:42:00 cc: INTERNET, MOBILE, SECURITY, SN_INTEL > https://www.kuketz-blog.de/mailbox-org-entdeckt- unverschluesselte-passwortuebertragung-in-mymail/ > > Severe safety issue in mymail app found. Google Translate yields -- mailbox.org discovers unencrypted password transmission in myMail The mailbox.org team recently discovered a critical vulnerability in the myMail client for iOS, which leads to unencrypted transmission of user passwords and emails. mailbox.org became aware of the problem after customers pointed out transmission errors in the user forum that occurred when sending emails via the myMail client. After examining the logs, the team found that the myMail app was attempting to transmit passwords without the otherwise required TLS encryption . After the connection was established, the app did not send the usual STARTTLS-Kommando, but instead continued to transmit the user's unencrypted login data. This enabled mailbox.org to extract or read the passwords from the connection logs. According to Peer Heinlein, managing director of mailbox.org, their e-mail servers consistently reject such unencrypted connections in order to ensure user security. This is the only reason why the connection attempts of the myMail app failed, so that users and postmasters of mailbox.org were taken aback. This problem is not only relevant for mailbox.org customers: It also represents a general security risk for all users who use the myMail client. Content and passwords can be read and tapped by third parties, especially if the users are in an open network (e.g. WiFi airport, train, etc.). If other providers allow unencrypted connections and are used in connection with the current version of the myMail app, attackers can also read the content of the unencrypted e-mails. Therefore, mailbox.org strongly recommends not using the myMail client in connection with their service or other e-mail providers until the developers of the app have fixed the security problems. There are numerous alternative email clients that offer higher security standards and protect privacy better. At the same time, the current incident once again underlines the importance of communicating exclusively via systems that are configured securely and enforce encryption. --- OpenXP 5.0.57 * Origin: A turtle that surfs the dark web. [o] A TORtoise (2:221/1.58) .