PT-2023-23703 · Mymail · Mymail

Published: 2023-05-07 · Updated: 2025-01-29 · CVE-2023-32290

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

myMail app versions through 14.30 for iOS

Description

The myMail app sends credentials in cleartext in a situation where STARTTLS is expected by a server. When the app is used with a server that expects a secure connection to be established using STARTTLS, the app fails to initiate that secure connection, and the credentials are transmitted in plain text.

Recommendations

For myMail app versions through 14.30 for iOS, consider updating to a version that properly implements STARTTLS to prevent cleartext credential transmission. As a temporary workaround, restrict the use of the myMail app with servers that expect STARTTLS until a patch is available.
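
One way to check a captured cleartext mail session for the behaviour described above, as an added example that is not code from this advisory or from the vendor. The advisory does not name the mail protocol, so the check assumes IMAP, SMTP or POP3; `audit_session` and both transcripts are constructed for illustration.

```python
import re

# Client verbs that carry or begin a credential exchange (SMTP/POP3 bare, IMAP tagged).
AUTH_RE = re.compile(r"^(?:(AUTH|USER|PASS)|\S+\s+(LOGIN|AUTHENTICATE))(?=\s|$)", re.I)
# Client request for the TLS upgrade (STLS is the POP3 spelling; IMAP adds a tag).
UPGRADE_RE = re.compile(r"^(?:\S+\s+)?(STARTTLS|STLS)\s*$", re.I)
# Positive server replies to the upgrade: SMTP 220, IMAP "<tag> OK", POP3 "+OK".
UPGRADE_OK_RE = re.compile(r"^(220\b|\S+\s+OK\b|\+OK\b)", re.I)
# Server capability or greeting lines that advertise the upgrade.
OFFER_RE = re.compile(r"\b(STARTTLS|STLS)\b", re.I)

def audit_session(transcript):
    """transcript: list of (side, line) seen in cleartext; side is 'C' or 'S'."""
    result = {"starttls_offered": False, "upgraded": False, "cleartext_auth": []}
    pending = False  # client asked for the upgrade, server has not answered yet
    for i, (side, line) in enumerate(transcript):
        line = line.strip()
        if side == "S":
            if pending and UPGRADE_OK_RE.match(line):
                result["upgraded"] = True
                break  # everything after this point travels inside TLS
            pending = False
            if OFFER_RE.search(line):
                result["starttls_offered"] = True
        elif UPGRADE_RE.match(line):
            pending = True
        else:
            m = AUTH_RE.match(line)
            if m:
                # Record position and verb only, never the credential arguments.
                result["cleartext_auth"].append((i, (m.group(1) or m.group(2)).upper()))
    return result

# Constructed transcripts (not captured from the affected app).
VULNERABLE = [
    ("S", "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"),
    ("C", "a1 LOGIN alice@example.test not-a-real-password"),
    ("S", "a1 NO cleartext login refused"),  # the password was exposed anyway
]
COMPLIANT = [
    ("S", "220 mail.example.test ESMTP"),
    ("C", "EHLO client.example.test"),
    ("S", "250-mail.example.test"),
    ("S", "250 STARTTLS"),
    ("C", "STARTTLS"),
    ("S", "220 Ready to start TLS"),
]
```

A session is of interest when `starttls_offered` is true and `cleartext_auth` is non-empty: the server advertised the upgrade and the client sent credentials without it.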

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2023-32290

Affected Products

Mymail