Skip to content

Insecure Transport: Mail Transmission #26

New issue
New issue
Open
Open
Insecure Transport: Mail Transmission#26
@QiAnXinCodeSafe

Description

@QiAnXinCodeSafe
QiAnXinCodeSafe
opened on Sep 24, 2019

shepher/shepher-service/src/main/java/com/xiaomi/shepher/common/GeneralMailSender.java

Lines 60 to 68 in 5311757

Email email = new HtmlEmail();
email.setHostName(hostname);
email.setAuthenticator(new DefaultAuthenticator(username, password));
email.setSmtpPort(port);
email.setFrom(from, fromname);
email.setSubject(title);
email.setMsg(content);
email.addTo(mailAddress.split(mailAddressEndSeparator));
email.send();

Establishing an unencrypted connection to a mail server allows an attacker to carry out a man-in-the-middle attack and read all the mail transmissions.
SSL/TLS connection is a better choice

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions