oss-sec mailing list archives
Re: PGP/MIME and S/MIME mail clients vulnerabilities
From: Yves-Alexis Perez <corsac () debian org>
Date: Mon, 14 May 2018 16:01:42 +0200
On Mon, 2018-05-14 at 12:29 +0200, Christian Brabandt wrote:
Looks like details have just been published: https://efail.de/
So, as far as I can tell, in that attack scenario (where the attacker has read/write access to encrypted mails): - S/MIME is completely broken at the protocol level since it has no way to defend against blind modification. Only mitigation for the clients are to prevent HTML mails and/or prevent loading of external resources. There might be other avenues to exploit the vulnerability in the future though. - PGP/MIME is a bit safer because the OpenPGP format compresses plaintext before encryption (which makes it harder for the attacker) and has some kind of authenticated (symmetric) encryption (the MDC), which helps gnupg detects modifications to the cyphertext. Most mail clients properly handle gnupg hints when something went wrong but the external interface is a bit fragile (gnupg will still output the cleartext, for example). One exception is apparently Thunderbird with enigmail before 2.0.0, but this is now fixed (I didn't find the proper commit yet). Again, not displaying HTML mails and not allowing remote content loading can help, but other “backchannels” might be found in the future. I hope this can help other people. I'm no cryptographer so I didn't look thoroughly to the crypto part of the paper, rather to the mail client integration. Feel free to correct me if there's anything wrong. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Jakub Wilk (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Christian Brabandt (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Leo Gaspard (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Matthew Fernandez (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Florian Weimer (May 22)