CVE-2020-12619

Name of the Vulnerable Software and Affected Versions MailMate versions prior to 1.11

Description The issue allows a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated, enabling the attacker to decipher further communication. This can be accomplished by sending a single email.

Recommendations For MailMate versions prior to 1.11, update to version 1.11 or later to resolve the issue. As a temporary workaround, consider disabling the automatic import of S/MIME certificates until a patch is available. Restrict access to sensitive email communications to minimize the risk of exploitation.