Home > Vulnerability Database > CVE-2014-5369

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2014-5369

Date: September 8, 2014

Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.

Language: JS

Severity Score

3.7

Related Resources (15)

Url: http://secunia.com/advisories/60887

Url: http://secunia.com/advisories/61854

Url: http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html

Url: http://secunia.com/advisories/60779

Url: http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/

Url: http://www.openwall.com/lists/oss-security/2014/08/18/2

Url: http://www.openwall.com/lists/oss-security/2014/08/22/1

Url: https://security-tracker.debian.org/tracker/CVE-2014-5369

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-5369

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-5369

Url: http://sourceforge.net/p/enigmail/bugs/294/

Url: http://lists.opensuse.org/opensuse-updates/2014-09/msg00004.html

Url: https://security.gentoo.org/glsa/201504-01

Url: https://advisories.mageia.org/MGASA-2014-0421.html

Url: https://www.mend.io/vulnerability-database/CVE-2014-5369

Severity Score

3.7

Weakness Type (CWE)

Cryptographic Issues

CWE-310

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us