Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4491

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-4491
Last Modified 10 Feb 2009 01:55:22
Published 08 Oct 2008 02:00:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4491

Summary

Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.

Vulnerable Systems

Application

  • Apple Mail 3.5


References

XF - apple-mail-smime-information-disclosure(45688)

SECTRACK - 1021019

BID - 31598

BUGTRAQ - 20081006 [ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text

SREASON - 4363

MISC - http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt

MISC - http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/


Last Updated: 27 May 2016 10:48:31