This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Red Hat reports :
A vulnerability in smtplib allowing MITM attacker to perform a
startTLS stripping attack. smtplib does not seem to raise an exception
when the remote end (smtp server) is capable of negotiating starttls
but fails to respond with 220 (ok) to an explicit call of
SMTP.starttls(). This may allow a malicious MITM to perform a startTLS
stripping attack if the client code does not explicitly check the
response code for startTLS.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.8