KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
Weakness
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kmail | Kde | 19.12.3 (including) | 19.12.3 (including) |
| Kdepim-runtime | Ubuntu | bionic | * |
| Kdepim-runtime | Ubuntu | focal | * |
| Kdepim-runtime | Ubuntu | groovy | * |
| Kdepim-runtime | Ubuntu | hirsute | * |
| Kdepim-runtime | Ubuntu | impish | * |
| Kdepim-runtime | Ubuntu | kinetic | * |
| Kdepim-runtime | Ubuntu | lunar | * |
| Kdepim-runtime | Ubuntu | mantic | * |
| Kdepim-runtime | Ubuntu | oracular | * |
| Kdepim-runtime | Ubuntu | plucky | * |
| Kdepim-runtime | Ubuntu | trusty | * |
| Kdepim-runtime | Ubuntu | xenial | * |
| Kmail-account-wizard | Ubuntu | bionic | * |
| Kmail-account-wizard | Ubuntu | focal | * |
| Kmail-account-wizard | Ubuntu | groovy | * |
| Kmail-account-wizard | Ubuntu | hirsute | * |
| Kmail-account-wizard | Ubuntu | impish | * |
| Kmail-account-wizard | Ubuntu | kinetic | * |
| Kmail-account-wizard | Ubuntu | lunar | * |
| Kmail-account-wizard | Ubuntu | mantic | * |
| Kmail-account-wizard | Ubuntu | oracular | * |
| Kmail-account-wizard | Ubuntu | plucky | * |
| Kmail-account-wizard | Ubuntu | trusty | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/117.html
- https://cwe.mitre.org/data/definitions/383.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/65.html