[Users] PGP vulnerability eFail and OpenPGP Zimlet

Barry de Graaff info at barrydegraaff.tk
Mon May 14 20:00:34 CEST 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello All,

The Electronic Frontier Foundation has released some news about a PGP vulnerability named eFail.

https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
https://www.forbes.com/sites/thomasbrewster/2018/05/14/pgp-encrypted-email-vulnerability-exposes-private-messages/

All the attacks require some sort of HTML parsing in the PGP-aware email client.

Zimbra OpenPGP Zimlet (from here: https://github.com/Zimbra-Community/pgp-zimlet)
should not be vulnerable, as it only sends PGP email in plain/text and, more importantly,
it does not render HTML in received PGP messages (via pgp/mime or otherwise). Any HTML
part is converted to text by the htmlToText.js library and further sanitized by purify.js.


Kind regards,

Barry de Graaff
Zeta Alliance
Co-founder & Developer
zetalliance.org | github.com/Zimbra-Community

+31 617 220 227 | skype: barrydegraaff.tk
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0
-----BEGIN PGP SIGNATURE-----
Version: OpenPGP.js v2.6.2
Comment: https://openpgpjs.org

wkYEAREIABAFAlr5zsEJEHJd3RVtNqLQAAAZEgCeKE2ksWV5VoJ6ZnPJTpT0
oTvjciEAn2Lt1yx0RNACIbXb3oWmxnYOJQHA
=qIXM
-----END PGP SIGNATURE-----
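
The text-only handling described in the message above, as an added example that is not part of the original post and not the Zimlet's code: an HTML part is reduced to text, then escaped so that entity-encoded markup cannot come back as live HTML. All function names and the sample part are constructed for illustration; the htmlToText.js and purify.js APIs are not used.

```javascript
// Added example, not the Zimlet's code; all names here are hypothetical.
const ENTITIES = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: ' ' };
const LINE_BREAK_TAGS = /^(br|\/p|\/div|\/li|\/tr|\/h[1-6])\b/;
const fromCode = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '\ufffd');

// Reduce an HTML part to plain text. A small scanner is used instead of one
// regex so that a '>' inside a quoted attribute value does not end the tag.
function htmlPartToText(html) {
  let out = '';
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<') { out += html[i++]; continue; }
    let j = i + 1;
    let quote = null;
    for (; j < html.length; j++) {
      const c = html[j];
      if (quote) { if (c === quote) quote = null; }
      else if (c === '"' || c === "'") quote = c;
      else if (c === '>') break;
    }
    // An unterminated tag or attribute consumes the rest of the input:
    // dropping text is safer than guessing where the markup ends.
    const tag = html.slice(i + 1, j).trim().toLowerCase();
    if (LINE_BREAK_TAGS.test(tag)) out += '\n';
    i = j + 1;
  }
  // Decode entities once, only after every tag has been removed.
  return out.replace(/&(#\d+|#x[0-9a-f]+|[a-z]+);/gi, (m, name) => {
    const n = name.toLowerCase();
    if (n.startsWith('#x')) return fromCode(parseInt(n.slice(2), 16));
    if (n[0] === '#') return fromCode(parseInt(n.slice(1), 10));
    return Object.prototype.hasOwnProperty.call(ENTITIES, n) ? ENTITIES[n] : m;
  });
}

// Decoding can produce literal '<' and '>' again, so escape the text before
// it is placed in a page (or assign it through textContent instead).
function escapeForDisplay(text) {
  return text.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

function renderDecryptedPart(html) {
  return escapeForDisplay(htmlPartToText(html));
}

// Constructed sample: a remote image plus entity-encoded markup in the body.
const SAMPLE_PART =
  '<div>Meeting at 10<br>Bring the &lt;b&gt;draft&lt;/b&gt;</div>' +
  '<img alt="a > b" src="https://tracker.example/pixel.png">';
```
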



