Insecure Encryption Handling in Mailpile: Allowing Disabled, Revoked, and Expired Keys
CVE-2018-20954 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.
Learn more about our Web Application Penetration Testing UK.