Vulnerabilities in PGP and SMIME Will Leak Emails in Plain Text
Pretty Good Privacy (PGP) and S/MIME Email encryption are affecting the users and it has been found that a new set of vulnerabilities is affecting the users. This encryption is widely used for security and transmits data over the network
PGP and S/MIME Email encryption is the widely used standard that developed to securely transmit the data over the network.
PGP (Pretty Good Privacy) is an encryption program that provides cryptographic privacy and authentication for data communication which is used for signing, encrypting, and decrypting text in email communication.
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data.
In this case, researchers advised to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.
“We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 “07:00
UTC” said Sebastian Schinzel, a professor of computer security at the Münster University of Applied Sciences. He further said “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now”.
The article on GB reveals that there will be complete information about this serious flaw on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). Researchers have warned the wider PGP user community in advance of its full publication to reduce the short-term risk.
In order to reduce the risk, Electronic Frontier Foundation warned the user to disable PGP and related plugins in following Email client.
- Thunderbird with Enigmail
- Apple Mail with GPGTools
- Outlook with Gpg4win
Before mitigating this vulnerability by the wider community, the user can follow these steps for a temporary fix to avoid this flaw to be exploited by hackers.
Julia Sowells318 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.