CVE-2020-12619
First published: Thu Aug 20 2020(Updated: )
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Freron Mailmate | <1.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12619?
CVE-2020-12619 is a vulnerability in MailMate before version 1.11 that allowed a man-in-the-middle attacker to obtain and replace S/MIME certificates.
How does CVE-2020-12619 affect MailMate?
CVE-2020-12619 affects MailMate versions before 1.11 and can result in the replacement of existing S/MIME certificates.
What is the severity of CVE-2020-12619?
CVE-2020-12619 has a severity rating of medium, with a CVSS score of 5.9.
How can the man-in-the-middle attack be performed in CVE-2020-12619?
The man-in-the-middle attacker can obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated.
How can I fix CVE-2020-12619 in MailMate?
To fix CVE-2020-12619, users of MailMate should update to version 1.11 or higher, which addresses the vulnerability.
- collector/nvd-index
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/freron
- canonical/freron mailmate