The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
| Vulnerable Product |
|---|
| gnome evolution - |
| mozilla thunderbird - |
| ibm notes - |
| emclient emclient - |
| horde horde imp - |
| 9folders nine - |
| freron mailmate - |
| kde kmail - |
| ritlabs the bat - |
| microsoft outlook 2013 |
| flipdogsolutions maildroid - |
| r2mail2 r2mail2 - |
| apple mail - |
| bloop airmail - |
| microsoft outlook 2010 |
| microsoft outlook 2007 |
| google gmail - |
| kde trojita - |
| postbox-inc postbox - |
| microsoft outlook 2016 |

If a hacker can get into your inbox of ciphered messages, they may be able to read the content

PGP and S/MIME decryptors can leak plaintext from emails, says infosec Professor

Security researchers have gone public with vulnerabilities in some secure mail apps that can be exploited by miscreants to decrypt intercepted PGP-encrypted messages. The flaws, collectively dubbed EFAIL, are present in the way some email clients handle PGP and S/MIME encrypted messages. By taking advantage of the way the applications handle HTML content of these messages, an attacker could potentially see encrypted messages as plaintext. In other words, decrypt your secret emails. The research ...