Vigil@nce - kdelibs: man-in-the-middle via POP3 kioslave
July 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a man-in-the-middle between KMail and a
POP3 server, in order to read or alter data.
Impacted products: Fedora, Unix (platform)
Severity: 2/4
Creation date: 19/06/2014
DESCRIPTION OF THE VULNERABILITY
The KMail/KIO product uses the kdelibs library.
The POP3 kioslave is used by KMail to connect to a POP3 messaging
server. However, if the certificate of the secured POP3 server
changed, the error does not flow to KMail, so the user is not
warned.
An attacker can therefore act as a man-in-the-middle between KMail
and a POP3 server, in order to read or alter data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/kdelibs-man-in-the-middle-via-POP3-kioslave-14918