CVE-2007-1137

Name of the Vulnerable Software and Affected Versions Putmail versions prior to 1.4

Description The issue arises when a user attempts to use TLS with a server that does not support it. In such cases, the software fails to detect the lack of TLS support and sends the username and password in plaintext, despite the user's belief that encryption is in use. This allows remote attackers to obtain sensitive information.

Recommendations For versions prior to 1.4, update to version 1.4 or later to resolve the issue. As a temporary workaround, consider disabling TLS usage with servers that do not support it to minimize the risk of exploitation. Restrict access to sensitive information until the issue is resolved by updating the software.