FreeBSD : mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection (36f9ac43-b2ac-11e3-8752-080027ef73ec)
Medium Nessus Plugin ID 73150
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionJan Kundrat reports :
An SSL stripping vulnerability was discovered in Trojita, a fast Qt IMAP e-mail client. User's credentials are never leaked, but if a user tries to send an e-mail, the automatic saving into the 'sent' or 'draft' folders could happen over a plaintext connection even if the user's preferences specify STARTTLS as a requirement.
SolutionUpdate the affected package.