4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
43.8%
Richard J. Moore reports:
The POP3 kioslave used by KMail will accept invalid
certificates without presenting a dialog to the user due a
bug that leads to an inability to display the dialog
combined with an error in the way the result is checked.
This flaw allows an active attacker to perform MITM
attacks against the ioslave which could result in the leakage of
sensitive data such as the authentication details and the contents of
emails.