An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
CPE | Name | Operator | Version |
---|---|---|---|
webmail_messenger | ge | 1.1.1 | |
webmail_messenger | lt | 4.2.1 |