CVE-2022-28218

Name of the Vulnerable Software and Affected Versions CipherMail Webmail Messenger versions 1.1.1 through 4.1.4

Description An issue was discovered that allows a local attacker to access secret keys found in a Roundcube configuration file. These keys are used to protect Webmail user passwords and two-factor authentication (2FA).

Recommendations For CipherMail Webmail Messenger versions 1.1.1 through 4.1.4, consider restricting access to the Roundcube configuration file to prevent unauthorized access to secret keys until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.