- New research reveals that millions of hosts do not have TLS encryption
- TLS provides end-to-end encryption for more secure communications and browsing
- ShadowServer has recommended that these hosts be removed
New research from ShadowServer has revealed that 3.3 million POP3 (Post Office Protocol) and IMAP (Internet Message Access Protocol) mail servers are currently exposed to network sniffing attacks, because they do not have TLS encryption.
TLS, or Transport Layer Security, is a security protocol that provides end-to-end security between applications over the Internet. It is used for secure web browsing and to encrypt communications such as email, file transfer, and messaging.
ShadowServer scanned the Internet for hosts running a POP3 service on port 110/TCP or 995/TCP without TLS support and found 3.3 million hosts without the security layer.
Time to retire
Without TLS, passwords used to access mail could be intercepted, and exposed services could allow password guessing attacks on the server. Without encryption, credentials and message content are sent in clear text, exposing hosts to network sniffing attacks.
Nearly 900,000 of these hosts were in the US, with more than 500,000 and 380,000 in Germany and Poland respectively, but the researchers note that “regardless of whether TLS is enabled or not, exposing the service can allow password guessing attacks against the server”.
“We have started reporting on hosts running POP3/IMAP services without TLS enabled, meaning usernames/passwords are not encrypted when transmitted,” the ShadowServer Foundation said in a tweet.
“We see about 3.3 million such cases with POP3 and a similar number with IMAP (most overlap). It’s time to retire them!”
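For operators who want to check their own mail servers for the condition described above, the following added example (not ShadowServer's code or methodology) classifies a server's reply to POP3 `CAPA` or IMAP `CAPABILITY` on the cleartext port by whether it advertises a TLS upgrade. The sample replies are constructed, and the function names and result labels are assumptions made for this illustration.

```python
# Constructed sample replies, not captured from any real host.
POP3_NO_TLS = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"
POP3_STLS = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nSTLS\r\nSASL PLAIN\r\n.\r\n"
IMAP_NO_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN\r\na1 OK done\r\n"
IMAP_STARTTLS = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK done\r\n"


def pop3_caps(reply):
    """Parse a POP3 CAPA reply (RFC 2449) into a set of capability names."""
    lines = reply.split("\r\n")
    if not lines[0].startswith("+OK"):
        return set()  # -ERR: server does not support CAPA, so no STLS is advertised
    caps = set()
    for line in lines[1:]:
        if line == ".":  # a lone dot terminates the multi-line response
            break
        if line:
            caps.add(line.split()[0].upper())
    return caps


def imap_caps(reply):
    """Collect capability tokens from untagged IMAP CAPABILITY lines."""
    caps = set()
    for line in reply.splitlines():
        if line.upper().startswith("* CAPABILITY "):
            caps.update(tok.upper() for tok in line.split()[2:])
    return caps


def assess(proto, reply):
    """Classify a cleartext-port capability reply.

    plaintext-only    : no TLS upgrade advertised; logins cross the wire in clear text
    starttls-offered  : upgrade available, but a pre-TLS login may still be accepted
    starttls-enforced : IMAP only; LOGINDISABLED means LOGIN is refused before TLS
    """
    if proto == "pop3":
        # POP3 has no LOGINDISABLED keyword, so only "offered" can be reported here.
        return "starttls-offered" if "STLS" in pop3_caps(reply) else "plaintext-only"
    caps = imap_caps(reply)
    if "STARTTLS" not in caps:
        return "plaintext-only"
    return "starttls-enforced" if "LOGINDISABLED" in caps else "starttls-offered"


if __name__ == "__main__":
    for proto, reply in [("pop3", POP3_NO_TLS), ("pop3", POP3_STLS),
                         ("imap", IMAP_NO_TLS), ("imap", IMAP_STARTTLS)]:
        print(proto, assess(proto, reply))
```

A result of "starttls-offered" still leaves clients that never issue the upgrade sending credentials in clear text, so the server-side setting that refuses plaintext logins is the one to verify.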
In August 2018, TLS 1.2 was succeeded by TLS 1.3, which offers significant improvements in both performance and security. Although TLS is very common, ImmuniWeb reports that from the first quarter of 2024 to date there have been 1,421,781 SSL/TLS events, so even with encryption there are dangers for users.
Via SecurityAffairs