
Test ID: 1.3.6.1.4.1.25623.1.0.108457
Category: Web application abuses
Title: Roundcube Webmail < 1.3.7 Enigma Plugin PGP Vulnerability (EFAIL)
Summary: Roundcube Webmail is prone to an information disclosure vulnerability in the Enigma Plugin.
Description:

Summary:
Roundcube Webmail is prone to an information disclosure
vulnerability in the Enigma Plugin.

Vulnerability Insight:
Roundcube Webmail with PGP support enabled via the Enigma Plugin
mishandles the Modification Detection Code (MDC) feature or accepts an obsolete packet type, which
can indirectly lead to plaintext exfiltration, aka EFAIL.

Affected Software/OS:
Roundcube Webmail prior to version 1.3.7.

Solution:
Update to version 1.3.7 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-17688
BugTraq ID: 104162
http://www.securityfocus.com/bid/104162
http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html
https://efail.de
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html
https://news.ycombinator.com/item?id=17066419
https://protonmail.com/blog/pgp-vulnerability-efail
https://twitter.com/matthew_d_green/status/995996706457243648
https://www.patreon.com/posts/cybersecurity-15-18814817
http://www.securitytracker.com/id/1040904
Common Vulnerability Exposure (CVE) ID: CVE-2018-19205
https://github.com/roundcube/roundcubemail/releases/tag/1.3.7
https://roundcube.net/news/2018/07/27/update-1.3.7-released
Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.