CVE-2020-15047
https://notcve.org/view.php?id=CVE-2020-15047
MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. El archivo MSA/SMTP.cpp en Trojita versiones anteriores a 0.8 ignora los errores de verificación de certificados, que permite a atacantes de tipo man-in-the-middle falsificar servidores SMTP • https://bugs.kde.org/show_bug.cgi?id=423453 https://gerrit.vesnicky.cesnet.cz/r/1035 • CWE-295: Improper Certificate Validation •
CVE-2019-10734
https://notcve.org/view.php?id=CVE-2019-10734
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. En KDE Trojita 0.7, un atacante que posea correos electrónicos cifrados en S/MIME o PGP puede envolverlos como subpartes de un correo electrónico multiparte manipulado. • https://bugs.kde.org/show_bug.cgi?id=404697 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2014-2567
https://notcve.org/view.php?id=CVE-2014-2567
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command. La función OpenConnectionTask::handleStateHelper en Imap/Tasks/OpenConnectionTask.cpp en Trojita anterior a 0.4.1 permite a atacantes man-in-the-middle provocar uso de texto plano para el guardado de un mensaje en una carpeta (1) sent o (2) draft a través de una respuesta PREAUTH que previene el uso posterior del comando STARTTLS. • http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •