• Resolved skigirl1369

    (@skigirl1369)


    Our IT department identified an issue with three websites where the WP SMTP plugin is used. Two sites are configured with SendGrid and one with Other SMTP. For Other SMTP, we have Encryption set to TLS and port 587 and Authentication On. The information on the vulnerability is below. Is the WP SMTP plugin not secure to use?

    54582 (2) – SMTP Service Cleartext Login Permitted

    Synopsis
    The remote mail server allows cleartext logins.
    Description
    The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.
    See Also
    https://tools.ietf.org/html/rfc4422
    https://tools.ietf.org/html/rfc4954

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Darshana

    (@darshanaw)

    Hi @skigirl1369,

    Thank you for reaching out! I have shared your report with our development team, and I will update you once I receive more information from them.

    We appreciate your patience in the meantime.

    Thank you!

  • Plugin Support Darshana

    (@darshanaw)

    Hi @skigirl1369,

    I appreciate your patience!

    After consulting with our team, it appears that the issue you’re experiencing is related to the SMTP server configuration rather than the WP Mail SMTP plugin itself. The WP Mail SMTP plugin functions as a client to send emails via an SMTP server but does not control the server’s encryption settings. Therefore, any vulnerabilities, such as allowing cleartext logins, are due to the SMTP server’s configuration. For more information, please refer.

    As for SendGrid mailer, since it’s an API-based mailer, it does not have this vulnerability.

    If you have any further questions or need assistance, please let us know.

    Thank you!
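The scanner finding quoted in the question can be checked against the server itself. The following is an added example, not part of the thread or of the plugin's code: it parses the raw EHLO reply captured on port 587 before STARTTLS (and optionally after it) and reports whether PLAIN or LOGIN is advertised on the unencrypted connection. The function names and the sample replies are constructed for illustration.

```python
import re

# Mechanisms the finding names as exposing credentials on an unencrypted link.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(response):
    """Parse a raw multi-line EHLO reply into {KEYWORD: set(params)}."""
    caps = {}
    # The first reply line carries the server's domain/greeting, not a capability.
    for line in response.strip().splitlines()[1:]:
        m = re.match(r"250[ -](.+)", line.strip())
        if not m:
            continue
        # Some servers also emit the legacy "AUTH=PLAIN LOGIN" form.
        words = m.group(1).replace("=", " ").upper().split()
        if words:
            caps.setdefault(words[0], set()).update(words[1:])
    return caps

def assess(pre_tls, post_tls=None):
    """Flag cleartext-capable AUTH advertised before the TLS upgrade."""
    pre = parse_ehlo(pre_tls)
    exposed = sorted(pre.get("AUTH", set()) & CLEARTEXT_MECHS)
    result = {
        "starttls_offered": "STARTTLS" in pre,
        "cleartext_auth_before_tls": exposed,
        "finding": bool(exposed),  # True reproduces the scanner's condition
    }
    if post_tls is not None:
        post = parse_ehlo(post_tls)
        result["auth_after_tls"] = sorted(post.get("AUTH", set()))
    return result

# Constructed sample replies (not captured from any real server).
WEAK_PRE = "250-mail.example.test\n250-SIZE 35882577\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
HARD_PRE = "250-mail.example.test\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME"
HARD_POST = "250-mail.example.test\n250-SIZE 35882577\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    print("misconfigured:", assess(WEAK_PRE))
    print("hardened:     ", assess(HARD_PRE, HARD_POST))
```

A server that only lists AUTH in the EHLO reply sent after STARTTLS does not meet the condition in the finding, even though the same mechanisms are offered inside the encrypted session.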


The topic ‘Possible Vulnerability or SMTP Security Issue’ is closed to new replies.