[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: iphone email client does not validate ssl certificates
> iPod/iPhone standard e-mail application does not validate SSL certificates
> and is vulnerable to a MITM (man in the middle attack).
> Vulnerable: All versions.
Well... mujmail.org email client also does not validate ssl
cerificates -- optionaly. Reasoning is that SSL with unverified
certificate is still better than sending plaintext passwords.
Does that count as a vulnerability?
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html