Published: 11/02/2019 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

MailMate prior to 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freron mailmate

In the scope of academic research at Ruhr-University Bochum and Münster University of Applied Sciences, Germany, various vulnerabilities regarding the signature verification logic in OpenPGP and S/MIME capable email clients have been discovered While neither OpenPGP nor S/MIME are directly affected, email client implementations show a poor perfo ...

We demonstrate how an attacker can spoof email signatures in 70% of the tested clients, including Thunderbird, Outlook with GpgOL, KMail, Evolution, Trojitá, Apple Mail with GPGTools, Airmail, K-9 Mail, Roundcube and Mailpile Title: "Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures in Emails" To appear at USENIX Security '19 J ...

CWE-290 https://updates.mailmate-app.com/release_notes http://www.openwall.com/lists/oss-security/2019/04/30/4 http://seclists.org/fulldisclosure/2019/Apr/38 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf https://github.com/RUB-NDS/Johnny-You-Are-Fired https://nvd.nist.gov http://seclists.org/fulldisclosure/2019/Apr/38

CVE-2018-15588

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect