CVE-2017-15042
Cleartext transmission of credentials in net/smtp
EPSS 0.18%
Description
SMTP clients using net/smtp can use the PLAIN authentication scheme on network connections not secured with TLS, exposing passwords to man-in-the-middle SMTP servers.
How to fix CVE-2017-15042
To remediate CVE-2017-15042, upgrade the affected package to a fixed version below.
- Go/stdlib: upgrade to 1.8.4 or later; on the 1.9 series, upgrade to 1.9.1 or later (1.9.0 is in the affected range listed below)
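A regression check for the behaviour described above, plus a stricter client-side guard, as an added example (not code from the Go project or from this advisory). `tlsOnlyAuth`, `errNoTLS` and the two helper functions are hypothetical names, and the host, user and password are constructed values.

```go
package main

import (
	"errors"
	"fmt"
	"net/smtp"
)

// errNoTLS is returned by the wrapper below (hypothetical name).
var errNoTLS = errors.New("refusing SMTP AUTH: connection is not TLS-protected")

// tlsOnlyAuth (hypothetical helper) wraps any smtp.Auth and refuses to send
// credentials unless the session is TLS-protected. Unlike net/smtp's own
// check, it makes no exception for localhost.
type tlsOnlyAuth struct{ inner smtp.Auth }

func (a tlsOnlyAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
	if !server.TLS {
		return "", nil, errNoTLS
	}
	return a.inner.Start(server)
}

func (a tlsOnlyAuth) Next(fromServer []byte, more bool) ([]byte, error) {
	return a.inner.Next(fromServer, more)
}

// Constructed sample credentials and host.
func sampleAuth() smtp.Auth {
	return smtp.PlainAuth("", "user@example.com", "constructed-password", "mail.example.com")
}

// stdlibRefusesCleartextPlain simulates a non-TLS server that advertises
// PLAIN. On a fixed toolchain Start returns an error instead of the password.
func stdlibRefusesCleartextPlain() bool {
	info := &smtp.ServerInfo{Name: "mail.example.com", TLS: false, Auth: []string{"PLAIN"}}
	_, _, err := sampleAuth().Start(info)
	return err != nil
}

// wrapperDecision returns the wrapper's verdict for a given TLS state.
func wrapperDecision(tls bool) error {
	info := &smtp.ServerInfo{Name: "mail.example.com", TLS: tls, Auth: []string{"PLAIN"}}
	_, _, err := tlsOnlyAuth{sampleAuth()}.Start(info)
	return err
}

func main() {
	fmt.Println("stdlib refuses PLAIN without TLS:", stdlibRefusesCleartextPlain())
	fmt.Println("wrapper without TLS:", wrapperDecision(false))
	fmt.Println("wrapper with TLS:", wrapperDecision(true))
}
```

Running the first check in CI catches a build pinned to an affected toolchain; passing `tlsOnlyAuth{...}` to the client's `Auth` call enforces the same rule in application code.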
Is CVE-2017-15042 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Go/stdlib: >= 1.1.0-0, < 1.8.4 and >= 1.9.0-0, < 1.9.1