Vulnerabilities > CVE-2010-1568 - Cryptographic Issues vulnerability in Cisco Ironport Desktop Flag Plugin for Outlook 6.2.4.3

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cisco

CWE-310

NVD

Published: 2010-05-14

Updated: 2010-05-17

Summary

The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Ironport Desktop Flag Plugin FOR Outlook 6.2.4.3 Cisco Ironport Desktop Flag Plugin FOR Outlook *	2

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

http://www.cisco.com/en/US/products/products_security_response09186a0080b2c505.html