Outlook may have allowed unencrypted connections for decades, report claims — Fedora and Dovecot upgrade reveal protocol downgrade issue present since at least 2007
A security vulnerability in Microsoft Outlook, potentially present since 2007, has been reported to silently downgrade secure SSL/TLS connections to unencrypted plaintext. This issue, discovered after a mail server upgrade, affects Outlook versions 2007 through 2016 and possibly later, leading users to believe their emails were encrypted when they were not. The vulnerability is triggered by specific POP3 configurations, and a simple mitigation involves ensuring the correct port (995) is used for POP3 connections. AI
IMPACT This vulnerability could expose sensitive user data, potentially impacting trust in email security protocols and software.