SMTP STARTTLS Misconfiguration in KDE KMail from KDE
CVE-2021-38373

5.3MEDIUM

Key Information:

Vendor

Kde

Status
Kmail
Vendor
CVE Published:
10 August 2021

What is CVE-2021-38373?

In KDE KMail version 19.12.3, a configuration issue prevents the SMTP STARTTLS option from being properly utilized. This results in emails being transmitted in cleartext unless the 'Server requires authentication' setting is enabled. Consequently, sensitive information may be exposed during email transmission, posing a risk to users concerned about email security and privacy.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://nostarttls.secvuln.info
x_refsource_MISC
https://bugs.kde.org/show_bug.cgi?id=423423
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.