Local Access to Secret Keys in CipherMail Webmail Messenger

Local Access to Secret Keys in CipherMail Webmail Messenger

CVE-2022-28218 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).

Learn more about our Web App Pen Testing.