PT-2019-6668 · Gnome · Evolution Data Server

Jan Lieskovsky · Published 2019-11-25 · Updated 2019-12-14 · CVE-2011-3355

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

evolution-data-server3 versions 3.0.3 through 3.2.1

Description

The issue arises when the Sent folder is located on a remote server, and the software uses an insecure, non-SSL connection to store sent email messages. This flaw could allow an attacker to obtain the login credentials of the victim.

Recommendations

For evolution-data-server3 versions 3.0.3 through 3.2.1, consider configuring the software to use a secure SSL connection when storing sent email messages in the Sent folder on a remote server. As a temporary workaround, restrict access to the Sent folder on the remote server to minimize the risk of exploitation.

Exploit

Fix

Missing Encryption of Sensitive Data

Weakness Enumeration

Related identifiers

CVE-2011-3355

Affected products

Evolution Data Server