[German]Security researcher found a critical vulnerability in encryption used by PGP and S/MIME during encrypting e-mails. This results that encrypted messages may contain data in plain text and also old encrypted messages can be decrypted afterwards.
Advertising
Currently there are no details known to the public. Professor Sebastian Schinzel from University of applied science (FH-Münster) Münster (Germany) has announced on Twitter that he will publish the vulnerability on May 15, 2018.
We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4
— Sebastian Schinzel (@seecurity) 14. Mai 2018
A critical vulnerability in PGP/GPG and S/MIME email encryption results in the message being available in plain text or can be decrypted later. Currently there is no method to mitigate the problem. On the site of the Electronic Frontier Foundation (EFF) there is this article on the topic.
The recommendation of EFF is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted emails. This recommendation is also shared by the security researchers who discovered the vulnerability. (via Arstechnica)
