Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients
In an Internet-wide scan conducted during the study, 320,000 email servers were found vulnerable to what's called a command injection attack.
The attacks require that the malicious party can tamper with connections established between an email client and the email server of a provider and has login credentials for their own account on the same server.
STARTTLS refers to a form of opportunistic TLS that enables email communication protocols such as SMTP, POP3, and IMAP to be transitioned or upgraded from a plain text connection to an encrypted connection instead of having to use a separate port for encrypted communication.
The last line of attack concerns the IMAP protocol, which defines a standardized way for email clients to retrieve email messages from a mail server over a TCP/IP connection.
A malicious actor can bypass STARTTLS in IMAP by sending a PREAUTH greeting - a response that indicates that the connection has already been authenticated by external means - to prevent the connection upgrade and force a client to an unencrypted connection.
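The client-side check that closes this gap, as an added Python example (not code from the researchers or from any mail client): a client configured to require STARTTLS refuses to continue when the plaintext greeting is PREAUTH or when the greeting's capability list omits STARTTLS. The names `next_step` and `DowngradeError` and the sample greetings are constructed for illustration.

```python
import re

# Untagged IMAP greeting: "* OK|PREAUTH|BYE [optional response code] text"
GREETING = re.compile(rb"^\* (OK|PREAUTH|BYE)\b(?: \[([^\]]*)\])?", re.I)


class DowngradeError(Exception):
    """Continuing would leave the session unencrypted."""


def next_step(greeting: bytes) -> str:
    """Next action for a client that requires STARTTLS on the plaintext port.

    Returns "STARTTLS" or "CAPABILITY" (query capabilities, then re-check);
    raises DowngradeError instead of ever proceeding without encryption.
    """
    m = GREETING.match(greeting.strip())
    if m is None:
        raise DowngradeError("malformed greeting")
    status = m.group(1).upper()
    code = (m.group(2) or b"").upper().split()
    if status == b"BYE":
        raise DowngradeError("server refused the connection")
    if status == b"PREAUTH":
        # STARTTLS is only valid before authentication, so accepting a
        # PREAUTH greeting here keeps the whole session in the clear.
        raise DowngradeError("PREAUTH greeting on a connection that must be upgraded")
    if code[:1] == [b"CAPABILITY"]:
        if b"STARTTLS" not in code[1:]:
            raise DowngradeError("STARTTLS not advertised")
        return "STARTTLS"
    return "CAPABILITY"  # no capability list in the greeting yet


# Constructed sample greetings, not captured traffic.
SAMPLES = [
    b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n",
    b"* OK IMAP4rev1 service ready\r\n",
    b"* PREAUTH IMAP4rev1 server logged in as someuser\r\n",
    b"* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready\r\n",
]

if __name__ == "__main__":
    for g in SAMPLES:
        try:
            print(g.strip().decode(), "->", next_step(g))
        except DowngradeError as e:
            print(g.strip().decode(), "-> abort:", e)
```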
Stating that implicit TLS is a more secure option than STARTTLS, the researchers recommend that users configure their email clients to use SMTP, POP3 and IMAP with implicit TLS on dedicated ports, and urge developers of email server and client applications to offer implicit TLS by default.