Django
cpe:2.3:a:django_project:django:*:*:*:*:*:*:*
- < 6.0.6
- < 5.2.15
- ~5.0
- ~4.1
- ~3.2
A vulnerability exists in Django's SMTP email backend that could lead to unencrypted email transmission. This issue is present in Django versions 6.0 prior to 6.0.6 and 5.2 prior to 5.2.15. The vulnerability arises when 'fail_silently=True' is set, allowing on-path attackers to intercept email content in cleartext. This occurs because the backend fails to properly manage a partially-initialized connection after a failed STARTTLS handshake, reusing it for sending emails without encryption.
Exploitation of this vulnerability could result in interception and reading of email content transmitted in cleartext, potentially exposing sensitive information.
To reproduce this vulnerability, configure Django to use the SMTP email backend with 'EMAIL_USE_TLS' enabled and 'fail_silently' set to True. When a STARTTLS handshake fails, the backend will reuse the unencrypted connection for sending emails, allowing interception of the email content.
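The connection-reuse failure described above, modelled as an added example that is not Django's code: a backend that swallows the STARTTLS error but keeps the half-initialized connection, beside one that discards it. FakeSMTP is a constructed stand-in for smtplib so the example runs offline, and the open()/send() shape and the LeakyBackend/SafeBackend names are assumptions, not the real backend's API.

```python
class FakeSMTP:  # constructed stand-in for smtplib.SMTP; runs offline
    def __init__(self, starttls_ok):
        self.starttls_ok, self.encrypted = starttls_ok, False
        self.cleartext_sent = []      # messages that left over plaintext
    def starttls(self):
        if not self.starttls_ok:
            raise OSError("STARTTLS handshake failed")
        self.encrypted = True
    def sendmail(self, message):
        if not self.encrypted:
            self.cleartext_sent.append(message)

class LeakyBackend:  # swallows the STARTTLS error, keeps the half-initialized connection
    def __init__(self, make_conn, fail_silently=True):
        self.make_conn, self.fail_silently = make_conn, fail_silently
        self.connection = None
    def open(self):
        if self.connection:
            return False              # "already open": whatever is cached gets reused
        try:
            self.connection = self.make_conn()
            self.connection.starttls()
            return True
        except OSError:
            if not self.fail_silently:
                raise
            return None               # BUG: self.connection still holds the plaintext socket
    def send(self, message):
        opened = self.open()
        if not self.connection or opened is None:
            return 0                  # the call that hit the failure is refused ...
        self.connection.sendmail(message)  # ... but a later call reuses the socket
        return 1

class SafeBackend(LeakyBackend):  # discards the connection on failure
    def open(self):
        if self.connection:
            return False
        try:
            self.connection = self.make_conn()
            self.connection.starttls()
            return True
        except OSError:
            self.connection = None    # FIX: never retain a non-TLS connection
            if not self.fail_silently:
                raise
            return None
```

With fail_silently=True the leaky backend refuses the first send but delivers the second one in cleartext, while the safe backend keeps refusing until STARTTLS actually succeeds.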
Users can upgrade to Django versions 6.0.6 or 5.2.15, both of which include the necessary patch. Instructions for downloading these versions are available on the Django website.