Information disclosure in Apple Mac_os_x

CVE-2008-4491

Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive…

Vulnerability class: Information Disclosure

EPSS: 0.012 (64.1th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x
Apple Mail — versions 3.5
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_SREASON, third-party-advisory)
cve@mitre.org (vdb-entry, x_refsource_SECTRACK)