CVE-2016-0772

MEDIUM

CPython <3.4.5-2.7.12 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0772. PoCs published by tintinweb.

AI-analyzed exploit summary: This PoC demonstrates a STARTTLS stripping vulnerability in Python's smtplib, where a MITM can downgrade the connection to plaintext by sending an invalid response code (200 instead of 220) to the STARTTLS command, bypassing encryption without raising an exception.

Description

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
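A defender-side check for the pattern described above, as an added example that is not part of the original record or of the published PoC: it audits a recorded SMTP session for a STARTTLS reply other than 220 followed by sensitive commands in plaintext. The function name `audit_starttls`, the `(direction, line)` transcript format and the sample sessions are assumptions made for this illustration.

```python
import re

# Commands that expose credentials or mail content when sent before TLS is up.
SENSITIVE = ("AUTH", "MAIL FROM", "RCPT TO", "DATA")

def audit_starttls(transcript):
    """Audit one SMTP session given as (direction, line) pairs, "C" or "S"."""
    findings = []
    offered = pending = refused = False
    for direction, line in transcript:
        if direction == "S":
            m = re.match(r"(\d{3})(-?)\s?(.*)", line)
            if not m:
                continue
            code, last, text = int(m.group(1)), m.group(2) != "-", m.group(3)
            if code == 250 and text.strip().upper() == "STARTTLS":
                offered = True  # server advertised the extension in its EHLO reply
            if pending and last:
                pending = False
                if code == 220:
                    return findings  # TLS handshake follows; nothing more is visible
                refused = True
                findings.append("STARTTLS answered with %d, expected 220" % code)
            continue
        cmd = line.strip().upper()
        if cmd == "STARTTLS":
            pending = True
        elif cmd.startswith(SENSITIVE):
            # Report only the verb so credentials never end up in the findings.
            verb = next(s for s in SENSITIVE if cmd.startswith(s))
            if refused:
                why = "after failed STARTTLS"
            elif offered:
                why = "although STARTTLS was offered"
            else:
                why = "and STARTTLS was never offered"
            findings.append("%s sent in plaintext %s" % (verb, why))
    return findings

# Constructed sample sessions (not captured traffic).
_HEAD = [("S", "220 mail.example.test ESMTP"), ("C", "EHLO client.example.test"),
         ("S", "250-mail.example.test"), ("S", "250 STARTTLS"), ("C", "STARTTLS")]
STRIPPED = _HEAD + [("S", "200 OK"), ("C", "MAIL FROM:<alice@example.test>")]
CLEAN = _HEAD + [("S", "220 Ready to start TLS")]

if __name__ == "__main__":
    print(audit_starttls(STRIPPED))
    print(audit_starttls(CLEAN))
```

A client on a fixed Python release never produces the second finding for the `STRIPPED` session, because its `starttls()` call raises on the non-220 reply instead of continuing.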

Exploits (1)

exploitdb WORKING POC
by tintinweb · text · local · multiple
https://www.exploit-db.com/exploits/43500

Classification: Working PoC (100%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Python smtplib (2.7.11, 3.4.4, 3.5.1 and earlier)
Authentication: No auth needed
Prerequisites: MITM position between client and SMTP server · SMTP server supporting STARTTLS
devstral-2 · analyzed Feb 16, 2026

References (18)

Core References
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-1630.html
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-1627.html
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-1629.html
Mailing List: https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
Third Party Advisory: https://security.gentoo.org/glsa/201701-18
Third Party Advisory, VDB Entry: http://www.securityfocus.com/bid/91225
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-1628.html
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-1626.html
Various Sources: http://www.splunk.com/view/SP-CAAAPUE
Various Sources: http://www.splunk.com/view/SP-CAAAPSV
Issue Tracking, Third Party Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
Mailing List: http://www.openwall.com/lists/oss-security/2016/06/14/9

Scores

CVSS v3 6.5
EPSS 0.1452
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Details

CWE: CWE-693
Status: published
Products (30)
python/python 3.5.0
python/python 3.5.1
python/python 3.0
python/python 3.0.1
python/python 3.1.0
python/python 3.1.1
python/python 3.1.2
python/python 3.1.3
python/python 3.1.4
python/python 3.1.5
... and 20 more
Published Sep 02, 2016
Tracked Since Feb 18, 2026