Cisco firewalls, by default, perform a MITM protocol downgrade attack on the SMTP sessions they see. They modify the SMTP setup to prevent the endpoints from negotiating STARTTLS and cause them to fall back to cleartext communication. Has been true for years.
You can turn it off... but how many admins do? If you want an example of behavior which is completely plausibly-deniable, but which immensely reduces internet security, this is a good one.
You can turn it off... but how many admins do? If you want an example of behavior which is completely plausibly-deniable, but which immensely reduces internet security, this is a good one.