Attack pattern for Cyrus IMAP STARTTLS failures

Create issue
Issue #88 resolved
Former user created an issue

reCaptcha v1 is shutdown... see g.co/recaptcha/upgrade

So cannot submit new patterns.

Wanted to submit two patterns from Cyrus IMAP:

imaps[89898]: imaps TLS negotiation failed: [2001:470:df49:2:9df9:4e98:31e1:1720]
imap[37918]: STARTTLS negotiation failed: [196.52.43.55]

These are TLS attacks - should likely give 8 points or more.

Comments (10)

  1. Kevin Zheng

    Requests for new attack patterns should be submitted here. The submission form on the website should be unlinked but might still be accessible through search engines; I should take it down properly soon.

  2. Graeme

    This is actually a false positive.

    imapd.conf:

    tls_versions: tls1_2 tls1_3

    Client attempts to negotiate tls 1.0 or tls 1.1 will generate this exact pattern.

  3. Log in to comment