JVNDB-2004-000590

[Japanese]
JVNDB-2004-000590
Becky! Internet Mail vulnerability in S/MIME signature verification
Overview
Becky! Internet Mail contains the following vulnerabilities in the S/MIME signature verification: - S/MIME signature verification does not verify the certification path. - S/MIME signature verification does not verify the certification expiration date.
CVSS Severity (What is CVSS?)
Base Metrics: 5.0 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

Affected Products

RIMARTS Becky! Internet Mail Ver.1.03 and ealier

Impact
Even if a recipient receives an email message signed with an S/MIME signature containing a certificate forging an arbitrary email address signed by a self-signed certificate, the recipient may not notice that it is a forged email.
Solution

Vendor Information
RIMARTS Becky! Internet Mail : Becky! S/MIME plug-in
CWE (What is CWE?)

CVE (What is CVE?)

References
JVN : JVN#7C9208F1
Revision History
[2008/05/21] Web page published

Becky! Internet Mail vulnerability in S/MIME signature verification