CVE-2014-5369 Information
Description
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified which allows remote attackers to obtain sensitive information by sniffing the network.
Reference
http://lists.opensuse.org/opensuse-updates/2014-09/msg00004.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html http://secunia.com/advisories/60779 http://secunia.com/advisories/60887 http://secunia.com/advisories/61854 http://sourceforge.net/p/enigmail/bugs/294/ http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/ http://www.openwall.com/lists/oss-security/2014/08/18/2 http://www.openwall.com/lists/oss-security/2014/08/22/1 https://advisories.mageia.org/MGASA-2014-0421.html https://security.gentoo.org/glsa/201504-01
Share on: