{"id":264826,"date":"2026-06-05T06:30:00","date_gmt":"2026-06-05T10:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/05\/outlook-may-have-allowed-unencrypted-connections-for-decades-report-claims-fedora-and-dovecot-upgrade-reveal-protocol-downgrade-issue-present-since-at-least-2007\/"},"modified":"2026-06-05T08:05:13","modified_gmt":"2026-06-05T12:05:13","slug":"outlook-may-have-allowed-unencrypted-connections-for-decades-report-claims-fedora-and-dovecot-upgrade-reveal-protocol-downgrade-issue-present-since-at-least-2007","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/05\/outlook-may-have-allowed-unencrypted-connections-for-decades-report-claims-fedora-and-dovecot-upgrade-reveal-protocol-downgrade-issue-present-since-at-least-2007\/","title":{"rendered":"Outlook may have allowed unencrypted connections for decades, report claims \u2014 Fedora and Dovecot upgrade reveal protocol downgrade issue present since at least 2007"},"content":{"rendered":"<p><a href=\"https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/outlook-may-have-allowed-unencrypted-connections-for-decades-report-claims-fedora-and-dovecot-upgrade-reveal-protocol-downgrade-issue-present-since-at-least-2007\">Outlook may have allowed unencrypted connections for decades, report claims \u2014 Fedora and Dovecot upgrade reveal protocol downgrade issue present since at least 2007<\/a><\/p>\n<p><a href=\"https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/outlook-may-have-allowed-unencrypted-connections-for-decades-report-claims-fedora-and-dovecot-upgrade-reveal-protocol-downgrade-issue-present-since-at-least-2007\">https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/outlook-may-have-allowed-unencrypted-connections-for-decades-report-claims-fedora-and-dovecot-upgrade-reveal-protocol-downgrade-issue-present-since-at-least-2007<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-05 06:30:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.tomshardware.com\">www.tomshardware.com<\/a><\/p>\n<p id=\"elk-e88bdcfd-773e-4e97-81b5-438c8e6d1693\">An IT blogger claims to have uncovered a high-impact security vulnerability in Microsoft Outlook, which was reportedly found to have been silently downgrading secure SSL\/TLS connections to unencrypted plaintext without telling anyone. This appears to affect at least Outlook 2007 through 2016, and possibly even later versions, though that&#8217;s as of yet unconfirmed if this behavior is present from Outlook 2019 onwards.<\/p>\n<p>The report came by way of a blog post at Marius World, where the writer describes how they came across the issue after upgrading their mail servers from Fedora 42 to Fedora Server 43 (released in October 2025). Marius started getting complaints from customers unable to receive emails. All got the same error message from the mail server: &#8220;Cleartext authentication disallowed on non-secure (SSL\/TLS) connections&#8221;. This meant the user&#8217;s mail client was trying to use an unencrypted connection, something that&#8217;s been deprecated by systems administrators for decades.<\/p>\n<p id=\"elk-e88bdcfd-773e-4e97-81b5-438c8e6d1693-2\">Marius realized that all the affected people were using Outlook, from versions 2007 through 2016 at least. Worst of all, seemingly everyone actually had the &#8220;Use TLS\/SSL&#8221; checkbox enabled, meaning that protocol security had been downgraded silently all along. The bug can be triggered by having port 110 selected and using the POP3 protocol. Having TLS forced on should have prompted the client to move to port 995 automatically, or at least attempt a TLS connection at 110 anyway. Yet Outlook just happily proceeds without encryption. &#8220;Customers have likely been retrieving their emails in plaintext for over a decade, mistakenly believing encryption was enabled,&#8221; Marius states.<\/p>\n<p><span class=\"inline-flex items-center gap-1.5 text-sm font-article-heading capitalize leading-5 text-white whitespace-nowrap\"><span class=\"jwp-carousel-title-mobile\"\/><span class=\"jwp-carousel-title-desktop\">Latest Videos From<\/span><span class=\"jwp-carousel-brand inline-flex items-center\" aria-hidden=\"true\"><\/span><\/span><img decoding=\"async\" src=\"https:\/\/www.tomshardware.com\/media\/img\/brand_logo.svg\" alt=\"\" class=\"max-h-12 w-auto\" aria-hidden=\"true\"\/><\/p>\n<p>The reason why Fedora server administrators only recently started seeing this behavior is that version 43 upgraded the Dovecot SMTP\/IMAP mail server to 2.4.3, a version that got a backend disabling unencrypted authentication altogether. Likely reasons why the issue wasn&#8217;t found sooner are that nowadays the&#8230;<\/p>\n<p><a href=\"https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/outlook-may-have-allowed-unencrypted-connections-for-decades-report-claims-fedora-and-dovecot-upgrade-reveal-protocol-downgrade-issue-present-since-at-least-2007\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outlook may have allowed unencrypted connections for decades, report claims \u2014 Fedora and Dovecot upgrade&#8230;<\/p>\n","protected":false},"author":1,"featured_media":264827,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.mos.cms.futurecdn.net\/TSmZBQLjkYfjFh8UuGUuBL-2048-80.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[57,27],"class_list":["post-264826","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/264826"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=264826"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/264826\/revisions"}],"predecessor-version":[{"id":264828,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/264826\/revisions\/264828"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/264827"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=264826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=264826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=264826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}