Unencrypted POP3 Communication in KDE KMail Email Client
CVE-2020-15954

6.5MEDIUM

Key Information:

Vendor

Kde

Status
Kmail
Vendor
CVE Published:
27 July 2020

What is CVE-2020-15954?

KDE KMail version 19.12.3 improperly handles encryption during POP3 communication, resulting in potentially sensitive user data being sent over unencrypted channels. This vulnerability creates a misleading user interface experience where users may believe their communications are safe from eavesdropping, whereas they are actually exposed. It is crucial for users of KMail to be aware of this issue and take necessary precautions to secure their email interactions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugs.kde.org/show_bug.cgi?id=423426
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/07/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.