Описание
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
Ссылки
- Vendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.1.1 (включая) до 4.2.1 (исключая)
cpe:2.3:a:ciphermail:webmail_messenger:*:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-276
Связанные уязвимости
CVSS3: 5.5
github
почти 4 года назад
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
EPSS
Процентиль: 20%
0.00064
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-276