rspec/rules/S4499/description.adoc


			
				
					
						
						
						
							
							
							When an SMTP SSL connection is created there is no validation of the SMTP server's identity by default in some email libraries. This is equivalent to trust all SSL certificates even the one issued by a hacked SMTP server. The SMTP SSL connection should validate the certifcate before using the connection to avoid leaking sensitive information on a hacked SSL connection.

						
						
					
				
				
					
						Reference in New Issue
					
					View Git Blame
					Copy Permalink