Vulnerability in PGP and S/MIME

[German]Security researcher found a critical vulnerability in encryption used by PGP and S/MIME during encrypting e-mails. This results that encrypted messages may contain data in plain text and also old encrypted messages can be decrypted afterwards.


Currently there are no details known to the public. Professor Sebastian Schinzel from University of applied science (FH-Münster) Münster (Germany) has announced on Twitter that he will publish the vulnerability on May 15, 2018.

A critical vulnerability in PGP/GPG and S/MIME email encryption results in the message being available in plain text or can be decrypted later. Currently there is no method to mitigate the problem. On the site of the Electronic Frontier Foundation (EFF) there is this article on the topic.

The recommendation of EFF is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted emails. This recommendation is also shared by the security researchers who discovered the vulnerability. (via Arstechnica)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *