The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
16/05/2018
by Microsoft
2 months ago
by Mozilla
3 months ago
by Roundcube
6 months ago
by Freron
4 years ago
by Bloop
6 years ago
by Apple
6 years ago
by Emclient
6 years ago
by Flipdogsolutions
6 years ago
by Horde
6 years ago
by Postbox-Inc
6 years ago