Vulnerability Note VU#122919
OpenPGP and S/MIME mail client vulnerabilities
Mail clients may leak plaintext messages while decrypting OpenPGP and S/MIME messages.
Email clients supporting the OpenPGP or S/MIME standards may be vulnerable to a CBC/CFB gadget attack which may allow an attacker to inject content into an encrypted email which would establish an exfiltration channel when decrypted by the victim's email client. For example, injecting an HTML image tag which, when rendered by the email client, sends the plaintext as part of an HTTP request.
CVE-2017-17688: OpenPGP CFB Attacks
A remote attack could recover plaintext from encrypted emails without access to the encryption keys.
The CERT/CC is currently unaware of a practical solution to this problem. However, there are some mitigations that may be taken:
Decrypt mail outside of mail client
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|9Folders, Inc.||Affected||-||14 May 2018|
|Airmail||Affected||-||14 May 2018|
|Apple||Affected||-||14 May 2018|
|eM Client||Affected||-||14 May 2018|
|Evolution||Affected||-||14 May 2018|
|Flipdog Solutions, LLC||Affected||-||14 May 2018|
|GnuPG||Affected||-||15 May 2018|
|Affected||-||14 May 2018|
|GPGTools||Affected||-||14 May 2018|
|IBM Corporation||Affected||-||14 May 2018|
|KMail||Affected||-||14 May 2018|
|MailMate||Affected||-||14 May 2018|
|Microsoft||Affected||-||14 May 2018|
|Mozilla||Affected||-||14 May 2018|
|Postbox, Inc.||Affected||-||14 May 2018|
CVSS Metrics (Learn More)
Credit is attributed to Damian Poddebniak, Christian Dresen, Jens Muller, Fabian Ising, Sebastian Schinzel1, Simon Friedberger, Juraj Somorovsky, and Jorg Schwenk
This document was written by Trent Novelly.
- CVE IDs: CVE-2017-17688 CVE-2017-17689
- Date Public: 14 May 2018
- Date First Published: 14 May 2018
- Date Last Updated: 15 May 2018
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.