CVE-2014-5369

Published: 08/09/2014 Updated: 22/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Enigmail 1.7.x prior to 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote malicious users to obtain sensitive information by sniffing the network.

Vulnerable Product

enigmail enigmail 1.7.2

enigmail enigmail 1.7

Recent Articles

Enigmail PGP plugin forgets to encrypt mail sent as blind copies
The Register • Darren Pauli • 09 Sep 2014

User now 'waiting for the bad guys come and get me with their water-boards'

Enigmail has patched a hole in the world's most popular PGP email platform that caused mail to be sent unencrypted when all security check boxes were ticked. The dangerous hole in the Mozilla Thunderbird extension affected email that was sent only to blind carbon copy recipients on all versions below 1.7.2 released last month. It could mean any Enigmail user, possibly activists and journalists, may have sent apparently encrypted emails that could be read by attackers. Enigmail dev Nicolai Josutt...