A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched. The bug, first reported in August 2020 and patched Monday, is tied to Dovecot, used by over three-quarters of IMAP servers. The vulnerability opens the door to what is called a meddle-in-the-middle (MITM) attack. A fix for the bug is available for Dovecot running on Ubuntu, the Linux distribution based on Debian.
Source: https://threatpost.com/email-bug-message-snooping-credential-theft/167125/