Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification and how it affected open source projects

www.pentagrid.ch

cross-posted to:
netsec

Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification and how it affected open source projects

www.pentagrid.ch

L4sBotB to

Security Operations • 1 year ago

cross-posted to:
netsec

Nothing new, still broken, insecure by default since then: Python's e-

www.pentagrid.ch

Python’s e-mail libraries smtplib, imaplib, and poplib do not verify server certificates unless a proper SSL context is passed to the API. This leads to security problems.

Nothing new, still broken, insecure by default since then: Python’s e-mail libraries and certificate verification and how it affected open source projects::Python’s e-mail libraries smtplib, imaplib, and poplib do not verify server certificates unless a proper SSL context is passed to the API. This leads to security problems.

You must log in or register to comment.

Chat