Missing Encryption of Sensitive Data
CVE-2010-3292
Summary
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-311 - Missing Encryption of Sensitive Data
The software does not encrypt sensitive or critical information before storage or transmission.
References
Advisory Timeline
- Published