Cryptographic issues in kmail - CVE-2014-8878

 

Published: September 28, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38186
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-8878
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: KDE.org
Affected software: kmail

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.


How to mitigate CVE-2014-8878

Install the update from the vendor's website.
