You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Considering that in this case the credentials are sent in plain text, it might be better to change the default behavior to fail. The user could opt-in via a configuration option (e.g. allow_insecure_imap).
In the same function, the verification of server certificates is disabled if Mozilla::CA is not available. This largely defeats the purpose of using TLS, making it succeptible to MITM attacks. Please consider using the defaults provided by IO::Socket::SSL, as recommended here: https://metacpan.org/pod/IO::Socket::SSL#Common-Usage-Errors
The text was updated successfully, but these errors were encountered:
In function
get_imap_port()
, ifIO::Socket::SSL
is not available TLS will be disabled with only a warning:mail-dmarc/lib/Mail/DMARC/Report/Receive.pm
Line 191 in ac6d3ad
Considering that in this case the credentials are sent in plain text, it might be better to change the default behavior to fail. The user could opt-in via a configuration option (e.g.
allow_insecure_imap
).In the same function, the verification of server certificates is disabled if
Mozilla::CA
is not available. This largely defeats the purpose of using TLS, making it succeptible to MITM attacks. Please consider using the defaults provided by IO::Socket::SSL, as recommended here: https://metacpan.org/pod/IO::Socket::SSL#Common-Usage-ErrorsThe text was updated successfully, but these errors were encountered: