Description
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Metrics
- Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
- Access Vector: network
- Access Complexity: medium
- Authentication: none
- Confidentiality: partial
- Integrity: none
- Availability: none
- Weaknesses: CWE-310
Metadata
- Primary Vendor: ENIGMAIL
- Published: 9/8/2014
- Last Modified: 4/12/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
enigmail : enigmail