Email Bug Allows Message Snooping, Credential Theft

Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by over three-quarters of IMAP servers, according to Open Email Survey.

The vulnerability opens the door to what is called a meddle-in-the-middle (MITM) attack, according to a report by researchers Fabian Ising and Damian Poddebniak, with Münster University of Applied Sciences, based in Germany.

Read more…
Source: ThreatPost