[3.6] go: Multiple vulnerabilities (CVE-2017-15041, CVE-2017-15042)| ID: oval:org.secpod.oval:def:1800887 | Date: (C)2018-03-28 (M)2022-08-16 |
| Class: PATCH | Family: unix |
CVE-2017-15042: smtp.PlainAuth susceptible to man-in-the-middle password harvesting; It was found that smtp.PlainAuth scheme was vulnerable to man-in-the-middle attack. smtp.PlainAuth implementation would send the username and password to man-in-the-middle SMTP server that doesnt advertise STARTTLS and does advertise that PLAIN auth is OK. Fixed In Version: golang 1.8.4, golang 1.9.1
| Platform: |
| Alpine Linux 3.6 |
