Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Enigmail: spoofing via Unsigned Parts Displayed Signed

March 2020 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/?langue=2

SYNTHESIS OF THE VULNERABILITY

An attacker can create spoofed data via Unsigned Parts Displayed Signed of Enigmail, in order to deceive the victim.

Impacted products: Fedora, openSUSE Leap, SLES.

Severity: 2/4.

Consequences: data reading, data creation/edition, data deletion.

Provenance: document.

Confidence: confirmed by the editor (5/5).

Creation date: 22/01/2020.

DESCRIPTION OF THE VULNERABILITY

The Enigmail signs its data in order to authenticate them.

However, data can be altered without changing the signature.

An attacker can therefore create spoofed data via Unsigned Parts Displayed Signed on Enigmail, in order to deceive the victim.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/...




See previous articles

    

See next articles