[trojita] [Bug 432353] Untagged responses are processed before STARTTLS.

2022-01-30 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=432353 --- Comment #7 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- Hehe, the code at https://github.com/KDE/trojita/blob/master/src/Imap/Parser/Command.cpp#L71 seems familiar :-) `PartOfCommand` cannot contain a ", righ

[trojita] [Bug 432353] Untagged responses are processed before STARTTLS.

2022-01-30 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=432353 --- Comment #5 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- Hey Jan, thank you for working on this issue! > This cannot be exploited like that. I know of at least one client where this is practically exploitable. However, I am n

[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI

2021-08-02 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423423 --- Comment #3 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- Ah sorry :-) I wrote that comment without thinking too much. We (me and some colleagues) performed a STARTTLS test some months ago, reported multiple vulnerabilities and a

[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI

2021-08-02 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423423 --- Comment #1 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- May I ask for an update? To be clear: we think that this is a security vulnerability. -- You are receiving this mail because: You are watching all bug changes.

[trojita] [Bug 432353] Untagged responses are processed before STARTTLS.

2021-08-02 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=432353 --- Comment #1 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- Any update on this? To be clear: a network attacker can create new folders and tamper with local application state when STARTTLS is used.

[trojita] [Bug 432354] New: Make implicit TLS the default for SMTP.

2021-01-31 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=432354 Bug ID: 432354 Summary: Make implicit TLS the default for SMTP. Product: trojita Version: 0.7 Platform: Other OS: Linux Status: REPORTED Severity: normal

[trojita] [Bug 432353] New: Untagged responses are processed before STARTTLS.

2021-01-31 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=432353 Bug ID: 432353 Summary: Untagged responses are processed before STARTTLS. Product: trojita Version: 0.7 Platform: Other OS: Linux Status: REPORTED Severity:

[trojita] [Bug 423453] Trojita might not validate TLS certificates in SMTP.

2020-06-25 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423453 --- Comment #3 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- Thank you Jan for your very fast response and patch! Can you already tell when this will find its way into a new release?

[trojita] [Bug 423453] New: Trojita might not validate TLS certificates in SMTP.

2020-06-24 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423453 Bug ID: 423453 Summary: Trojita might not validate TLS certificates in SMTP. Product: trojita Version: 0.7 Platform: Other OS: Linux Status: REPORTED Severity:

[kmail2] [Bug 423426] POP3 setup wizard defaults to unencrypted connections.

2020-06-24 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423426 --- Comment #2 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- Related: https://bugs.kde.org/show_bug.cgi?id=389427 (but for IMAP)

[kmail2] [Bug 423426] POP3 setup wizard defaults to unencrypted connections.

2020-06-24 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423426 --- Comment #1 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- This is also related to https://bugs.kde.org/show_bug.cgi?id=423423 as the POP3 setup will not set "Server requires authentication" per default.

[kmail2] [Bug 423426] New: POP3 setup wizard defaults to unencrypted connections.

2020-06-24 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423426 Bug ID: 423426 Summary: POP3 setup wizard defaults to unencrypted connections. Product: kmail2 Version: 5.13.3 Platform: Other OS: Linux Status: REPORTED

[kmail2] [Bug 423424] Kmail "forces" the user to accept invalid TLS certificates.

2020-06-24 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423424 --- Comment #1 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- This also applies in a limited form (dialogs show up slower) for SMTP.

[kmail2] [Bug 423424] New: Kmail "forces" the user to accept invalid TLS certificates.

2020-06-24 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423424 Bug ID: 423424 Summary: Kmail "forces" the user to accept invalid TLS certificates. Product: kmail2 Version: 5.13.3 Platform: Other OS: Linux Status:

[kmail2] [Bug 423423] New: STARTTLS is ignored when "Server requires authentication" not checked in UI

2020-06-24 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=423423 Bug ID: 423423 Summary: STARTTLS is ignored when "Server requires authentication" not checked in UI Product: kmail2 Version: 5.13.3 Platform: Other OS: Linux

[trojita] [Bug 416942] New: Typo and unclear TLS settings

2020-01-30 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=416942 Bug ID: 416942 Summary: Typo and unclear TLS settings Product: trojita Version: 0.7 Platform: Other OS: Linux Status: REPORTED Severity: normal

[trojita] [Bug 391667] Security bug

2018-03-19 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=391667 --- Comment #3 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- So... should I write to Jan Kundrat or e.g. David Faure? This issue is trojita-specific.

[trojita] [Bug 391667] New: Security bug

2018-03-10 Thread Damian Poddebniak
https://bugs.kde.org/show_bug.cgi?id=391667 Bug ID: 391667 Summary: Security bug Product: trojita Version: unspecified Platform: unspecified OS: All Status: UNCONFIRMED Severity: normal