CVE-2014-5369
First published: Mon Sep 08 2014(Updated: )
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Enigmail Enigmail | =1.7 | |
| Enigmail Enigmail | =1.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html
- http://secunia.com/advisories/60779
- http://secunia.com/advisories/60887
- http://secunia.com/advisories/61854
- http://sourceforge.net/p/enigmail/bugs/294/
- http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/
- http://www.openwall.com/lists/oss-security/2014/08/18/2
- http://www.openwall.com/lists/oss-security/2014/08/22/1
- https://advisories.mageia.org/MGASA-2014-0421.html
- https://security.gentoo.org/glsa/201504-01
- collector/nvd-index
- agent/type
- agent/description
- agent/remedy
- agent/weakness
- agent/tags
- agent/severity
- agent/references
- agent/event
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/enigmail
- canonical/enigmail enigmail
- version/enigmail enigmail/1.7
- version/enigmail enigmail/1.7.2