PT-2021-22087 · Kde+2 · Kde Kmail+2

Damian Poddebniak · Published 2020-08-16 · Updated 2021-08-20 · CVE-2021-38373

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

KDE KMail version 19.12.3 (aka 5.13.3)

Description

The SMTP STARTTLS option is not honored in KDE KMail, resulting in cleartext messages being sent unless the "Server requires authentication" option is checked.

Recommendations

For KDE KMail version 19.12.3 (aka 5.13.3), ensure the "Server requires authentication" option is checked to enforce the use of STARTTLS for SMTP connections. As a temporary workaround, consider configuring the server to always require authentication for SMTP connections until a patch is available.
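
To confirm that a client configuration really upgrades the connection, an SMTP debug log can be checked for envelope or authentication commands issued before STARTTLS completed. The following is an added example, not code from the advisory or from KDE; the `C:`/`S:` transcript format, the host names and the three sample sessions are constructed assumptions.

```python
# Commands that expose credentials, envelope or message content if sent before TLS.
SENSITIVE = {"AUTH", "MAIL", "RCPT", "DATA"}

def audit_smtp_session(transcript):
    """Report SMTP commands a client sent in cleartext before STARTTLS completed."""
    offered = tls = pending = False
    cleartext = []
    for raw in transcript:
        side, _, text = raw.partition(": ")
        text = text.strip()
        if side == "S":
            code, rest = text[:3], text[4:].strip().upper()
            if code == "250" and rest == "STARTTLS":
                offered = True          # server advertised the extension
            if pending:
                tls = code == "220"     # only a 220 reply lets the handshake begin
                pending = False
        elif side == "C":
            verb = text.split(" ", 1)[0].upper()
            if verb == "STARTTLS":
                pending = True
            elif verb in SENSITIVE and not tls:
                cleartext.append(text)
    return {"starttls_offered": offered, "tls_established": tls,
            "cleartext_commands": cleartext}

# Constructed sample sessions (assumed log format, example.test hosts).
_GREETING = ["S: 220 mail.example.test ESMTP", "C: EHLO client.example.test",
             "S: 250-mail.example.test", "S: 250 STARTTLS"]
_SEND = ["C: MAIL FROM:<alice@example.test>", "S: 250 OK",
         "C: RCPT TO:<bob@example.test>", "S: 250 OK",
         "C: DATA", "S: 354 Go ahead"]

# Client ignores the advertised STARTTLS and sends mail directly.
CLEARTEXT_SESSION = _GREETING + _SEND
# Client upgrades first, then sends.
STARTTLS_SESSION = _GREETING + ["C: STARTTLS", "S: 220 Ready to start TLS"] + _SEND
# Server refuses the upgrade; a client that continues anyway is still in cleartext.
REFUSED_SESSION = _GREETING + ["C: STARTTLS", "S: 454 TLS not available"] + _SEND

if __name__ == "__main__":
    for name, session in [("cleartext", CLEARTEXT_SESSION),
                          ("starttls", STARTTLS_SESSION),
                          ("refused", REFUSED_SESSION)]:
        print(name, audit_smtp_session(session))
```

A session where `starttls_offered` is true but `cleartext_commands` is non-empty is the case to investigate.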

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Command Injection

Related Identifiers

ALT-PU-2020-2597
CVE-2021-38373

Affected Products

Alt Linux
Debian
Kde Kmail