[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: iphone email client does not validate ssl certificates


> iPod/iPhone standard e-mail application does not validate SSL certificates
> and is vulnerable to a MITM (man in the middle attack).
> Vulnerable: All versions.

Well... mujmail.org email client also does not validate ssl
cerificates -- optionaly. Reasoning is that SSL with unverified
certificate is still better than sending plaintext passwords.

Does that count as a vulnerability?

(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html