CVE-2014-5369

https://notcve.org/view.php?id=CVE-2014-5369

Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. Enigmail 1.7.x anterior a 1.7.2 envía emails en texto claro cuando la codificación está habilitada y solamente los recipientes BCC están especificados, lo que permite a atacantes remotos obtener información sensible mediante la captura del trafico de la red. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00004.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html http://secunia.com/advisories/60779 http://secunia.com/advisories/60887 http://secunia.com/advisories/61854 http://sourceforge.net/p/enigmail/bugs/294 http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4 http://www.openwall.com/lists/oss-security/2014/08/18/2 http://www.openwall.com/lists/oss-security/2014/08/22/1 https://advis • CWE-310: Cryptographic Issues •