Insecure Encryption Handling in Mailpile: Allowing Disabled, Revoked, and Expired Keys

Insecure Encryption Handling in Mailpile: Allowing Disabled, Revoked, and Expired Keys

CVE-2018-20954 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.

Learn more about our Web Application Penetration Testing UK.