MSGID: 2:221/1.58@fidonet 07d3e0eb   
   PID: OpenXP/5.0.57 (Win32)   
   CHRS: ASCII 1   
   TZUTC: -0400   
      
   cc: INTERNET, MOBILE, SECURITY, SN_INTEL   
      
   > https://www.kuketz-blog.de/mailbox-org-entdeckt-    
   unverschluesselte-passwortuebertragung-in-mymail/   
   >   
   > Severe safety issue in mymail app found.   
      
      
   Google Translate yields --   
      
    mailbox.org discovers unencrypted password transmission in myMail   
      
   The mailbox.org team recently discovered a critical   
   vulnerability in the myMail client for iOS, which leads to   
   unencrypted transmission of user passwords and emails.   
      
   mailbox.org became aware of the problem after customers pointed   
   out transmission errors in the user forum that occurred when   
   sending emails via the myMail client. After examining the logs,   
   the team found that the myMail app was attempting to transmit   
   passwords without the otherwise required TLS encryption . After   
   the connection was established, the app did not send the usual   
   STARTTLS-Kommando, but instead continued to transmit the user's   
   unencrypted login data. This enabled mailbox.org to extract or   
   read the passwords from the connection logs.   
      
   According to Peer Heinlein, managing director of mailbox.org,   
   their e-mail servers consistently reject such unencrypted   
   connections in order to ensure user security. This is the only   
   reason why the connection attempts of the myMail app failed, so   
   that users and postmasters of mailbox.org were taken aback.   
      
   This problem is not only relevant for mailbox.org customers: It   
   also represents a general security risk for all users who use   
   the myMail client. Content and passwords can be read and tapped   
   by third parties, especially if the users are in an open   
   network (e.g. WiFi airport, train, etc.). If other providers   
   allow unencrypted connections and are used in connection with   
   the current version of the myMail app, attackers can also read   
   the content of the unencrypted e-mails.   
      
   Therefore, mailbox.org strongly recommends not using the myMail   
   client in connection with their service or other e-mail   
   providers until the developers of the app have fixed the   
   security problems. There are numerous alternative email clients   
   that offer higher security standards and protect privacy   
   better. At the same time, the current incident once again   
   underlines the importance of communicating exclusively via   
   systems that are configured securely and enforce encryption.   
      
      
   --- OpenXP 5.0.57   
    * Origin:  (2:221/1.58)   
   SEEN-BY: 10/0 1 15/0 103/705 106/201 124/5016 153/757 7715 203/0 218/0   
   SEEN-BY: 218/1 700 221/1 6 360 226/30 227/114 229/110 112 113 307   
   SEEN-BY: 229/317 426 428 470 664 700 240/1120 266/512 280/464 292/854   
   SEEN-BY: 292/8125 301/1 310/31 317/3 320/219 341/66 234 396/45 423/81   
   SEEN-BY: 460/58 633/280 712/848 2320/105   
   PATH: 221/1 280/464 103/705 218/700 229/426