Key Management Errors
CVE-2019-9150
Summary
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-320 - Key Management Errors
Weaknesses in this category are related to errors in the management of cryptographic keys.
References
Advisory Timeline
- Published
