In the scope of academic research at Ruhr-University Bochum and Münster
University of Applied Sciences, Germany, various vulnerabilities
regarding the signature verification logic in OpenPGP and S/MIME capable
email clients have been discovered
While neither OpenPGP nor S/MIME are directly affected, email client
implementations show a poor perfo ...
We demonstrate how an attacker can spoof email signatures in 70% of the
tested clients, including Thunderbird, Outlook with GpgOL, KMail,
Evolution, Trojitá, Apple Mail with GPGTools, Airmail, K-9 Mail,
Roundcube and Mailpile
Title: "Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures
in Emails"
To appear at USENIX Security '19 J ...