Bug 1189208 - (NOSTARTTLS) VUL-0: NOSTARTTLS: A security analysis of STARTTLS in the EMail context
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
Depends on: CVE-2020-15954 CVE-2021-38371 CVE-2021-38370 CVE-2021-38372 CVE-2021-38373 CVE-2020-14093 CVE-2020-14954 CVE-2020-14928 CVE-2020-15917 CVE-2020-15953 CVE-2020-16118 CVE-2020-16117 CVE-2021-23953 CVE-2021-33515 CVE-2021-29970 CVE-2021-3716 CVE-2021-39272
Reported: 2021-08-09 11:13 UTC by Marcus Meissner
Modified: 2021-09-03 14:56 UTC (History)
Description Marcus Meissner 2021-08-09 11:13:07 UTC
https://nostarttls.secvuln.info/

Introduction

Connections between email clients and servers provide two ways to be protected with TLS: While implicit TLS encrypts the whole connection and runs on a separate port, STARTTLS provides a mechanism to upgrade existing unencrypted connections.

Sometimes STARTTLS is seen as an opportunistic encryption mode that provides TLS protection only when available. This is trivially vulnerable to downgrade attacks. However, modern email clients usually have the expectation that STARTTLS is enforced, and when enabled, no unencrypted communication is possible.

Upgrading of connections via STARTTLS is fragile and vulnerable to a number of security vulnerabilities and attacks. We found more than 40 vulnerabilities in STARTTLS implementations. We conclude that these vulnerabilities are so common that we recommend avoiding STARTTLS when possible.

...
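The enforced-versus-opportunistic distinction described above, as an added Python example that is not code from the paper, the linked site or any SUSE package: a minimal client-side STARTTLS decision function run against constructed EHLO replies. An opportunistic client continues in plaintext when the capability is absent or the upgrade is refused (the downgrade the description mentions); an enforcing client fails closed in both cases and only starts the handshake on a 220 reply.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

@dataclass
class Outcome:
    encrypted: bool   # True once the client hands the socket to TLS
    proceeded: bool   # True if the client continued the session at all
    reason: str

def parse_ehlo(reply: str) -> Tuple[str, Set[str]]:
    """Split a CRLF-separated EHLO reply into (status code, capability names)."""
    lines = reply.rstrip("\r\n").split("\r\n")
    code = lines[0][:3]
    caps = set()
    for line in lines[1:]:
        words = line[4:].split()          # drop the "250-" / "250 " prefix
        if words:
            caps.add(words[0].upper())
    return code, caps

def negotiate(ehlo_reply: str, starttls_reply: Optional[str], enforce: bool) -> Outcome:
    """Decide what a client does after EHLO.
    starttls_reply is the server's answer to a STARTTLS command, or None when
    the client never sends one because the capability was not advertised."""
    code, caps = parse_ehlo(ehlo_reply)
    if code != "250":
        return Outcome(False, False, "EHLO rejected")
    if "STARTTLS" not in caps:
        if enforce:
            return Outcome(False, False, "STARTTLS not advertised; refusing to continue")
        return Outcome(False, True, "opportunistic: continuing in plaintext")
    # RFC 3207: only a 220 reply to STARTTLS permits the TLS handshake.
    if starttls_reply is None or not starttls_reply.startswith("220"):
        if enforce:
            return Outcome(False, False, "STARTTLS refused; aborting")
        return Outcome(False, True, "opportunistic: continuing in plaintext")
    # Pre-TLS capabilities must be forgotten; EHLO is repeated inside TLS.
    return Outcome(True, True, "TLS handshake starts; repeat EHLO inside TLS")

# Constructed sample replies (not captured from any real server).
EHLO_WITH_STARTTLS = "250-mail.example.test\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_NO_STARTTLS = "250-mail.example.test\r\n250 8BITMIME"

if __name__ == "__main__":
    for enforce in (True, False):
        print(enforce, negotiate(EHLO_NO_STARTTLS, None, enforce))
        print(enforce, negotiate(EHLO_WITH_STARTTLS, "454 TLS unavailable", enforce))
```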
Comment 1 Marcus Meissner 2021-08-09 12:13:30 UTC
I linked all CVEs referenced in the paper to this bug, perhaps incomplete.