[horde] PGP vulnerability
lst_hoe02 at kwsoft.de
Mon May 14 12:21:29 UTC 2018
Quoting Arjen de Korte <build+horde at de-korte.org>:
> Regarding below warning from the EFF:
>
> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
>
> Based on the limited information available today, I assume this has
> something to do with a crafted message that somehow discloses the
> private key to an attacker. Does anybody know if besides the plugins
> mentioned in this article, other applications (Horde for instance)
> are affected as well?
Looks like a client problem and not a problem of encryption (PGP,
S/MIME). The client must be tricked/fooled with a special MIME structure
to send back the decrypted content via the URL used to load external
content. So it is an example of why HTML e-mail is evil.
https://www.efail.de/
What are the EFAIL attacks?
The EFAIL attacks break PGP and S/MIME email encryption by coercing
clients into sending the full plaintext of the emails to the attacker.
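The structural condition described in the reply above, as an added example (not part of the original post and not Horde code): a Python heuristic that flags messages whose encrypted part is nested beside cleartext HTML, so a client can render them with external content loading switched off. The function names, the flagging rule and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

# Content types that mark an encrypted body (PGP/MIME per RFC 3156, S/MIME).
ENCRYPTED_TYPES = {
    "multipart/encrypted",
    "application/pgp-encrypted",
    "application/pkcs7-mime",
    "application/x-pkcs7-mime",
}

def efail_structure_findings(raw):
    """Return reasons to render this message without external content."""
    msg = message_from_string(raw)
    parts = list(msg.walk())  # walk() yields the root first, then sub-parts
    if not any(p.get_content_type() in ENCRYPTED_TYPES for p in parts):
        return []
    findings = []
    if msg.get_content_type() not in ENCRYPTED_TYPES:
        findings.append("encrypted part is nested instead of being the root")
    if any(p.get_content_type() == "text/html" for p in parts):
        findings.append("cleartext text/html part sits beside the ciphertext")
    return findings

def needs_safe_rendering(raw):
    """True if the client should show this mail with remote loading off."""
    return bool(efail_structure_findings(raw))

# Constructed sample: S/MIME ciphertext as the whole message body.
SAMPLE_ROOT = (
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n"
    "\n"
    "(ciphertext placeholder)\n"
)

# Constructed sample: ciphertext wrapped in multipart/mixed next to HTML.
SAMPLE_NESTED = (
    'Content-Type: multipart/mixed; boundary="b"\n'
    "\n"
    "--b\n"
    "Content-Type: text/html\n"
    "\n"
    "<p>constructed cleartext part</p>\n"
    "--b\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n"
    "\n"
    "(ciphertext placeholder)\n"
    "--b--\n"
)
```

The check only looks at MIME structure, so it does not cover inline PGP in a text/plain body.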