Enigmail PGP plugin forgets to encrypt mail sent as blind copies

  • 9 September 2014
  • 0 replies
  • 125 views

Userlevel 7
By Darren Pauli, 9 Sep 2014
 
Enigmail has patched a hole in the world's most popular PGP email platform that caused mail to be sent unencrypted when all security check boxes were ticked.
The dangerous hole in the Mozilla Thunderbird extension affected email that was sent only to blind carbon copy recipients on all versions below 1.7.2 released last month.
 It could mean any Enigmail user, possibly activists and journalists, may have sent apparently encrypted emails that could be read by attackers.
Enigmail dev Nicolai Josuttis explained the bug in a release note.
 
The Register/ full article here/ http://www.theregister.co.uk/2014/09/09/enigmail_encryption_error_prompts_plaintext_panic/

0 replies

Be the first to reply!

Reply