Plaintext command injection in multiple implementations of STARTTLS (CVE-2011-0411)Plaintext command injection in multiple implementations of STARTTLS (CVE-2011-0411) Author: Wietse Venema Last update: March 7, 2011 Summary This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP (Simple Mail Transfer Protocol) over TLS (Transport Layer Security) including my Postfix open source mailserver. I give an overview of the problem and i
