CVE-2014-5369
N/A
N/A
Summary
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html
- http://secunia.com/advisories/60779
- http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/
- http://secunia.com/advisories/60887
- https://advisories.mageia.org/MGASA-2014-0421.html
- https://security.gentoo.org/glsa/201504-01
- http://sourceforge.net/p/enigmail/bugs/294/
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00004.html
- http://www.openwall.com/lists/oss-security/2014/08/22/1
- http://www.openwall.com/lists/oss-security/2014/08/18/2
- http://secunia.com/advisories/61854
References
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html
- http://secunia.com/advisories/60779
- http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/
- http://secunia.com/advisories/60887
- https://advisories.mageia.org/MGASA-2014-0421.html
- https://security.gentoo.org/glsa/201504-01
- http://sourceforge.net/p/enigmail/bugs/294/
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00004.html
- http://www.openwall.com/lists/oss-security/2014/08/22/1
- http://www.openwall.com/lists/oss-security/2014/08/18/2
- http://secunia.com/advisories/61854
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.