Fluid Attacks Database

Description

Cleartext transmission of credentials in net/smtp SMTP clients using net/smtp can use the PLAIN authentication scheme on network connections not secured with TLS, exposing passwords to man-in-the-middle SMTP servers.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	stdlib	>=1.1.0-0 <1.8.4	1.8.4
rpm rhel7	golang	<0:1.9.4-1.el7	0:1.9.4-1.el7

Aliases

1. CVE-2017-150422. NVD-2017-150423. OSV-GO-2021-01784. OSV-2017-150425. GCVE-2017-15042

References

1. https://go.dev/cl/681702. https://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d7903. https://go.dev/issue/221344. https://groups.google.com/g/golang-dev/c/RinSE3EiJBI/m/kYL7zb07AgAJ

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.