On Monday morning, Sebastian Schinzel, professor of computer security at the University of Münster in Germany, published a tweet to warn of the discovery of a new security vulnerability concerning OpenPGP and S/MIME e-mail encryption tools.

Following this announcement, management at the GNU Privacy Guard project said the vulnerabilities were at the implementation level, in e-mail clients.

 

Vulnerabilities to exfiltrate sensitive data

Both vulnerabilities, Direct Exfiltration and CBC/CFB Gadget Attack, could allow an attacker to exfiltrate sensitive data from encrypted emails.

Protection with Stormshield solutions

Our Stormshield Network Security and Stormshield Endpoint Security solutions do not use OpenPGP or S/MIME encryption tools.

Our Stormshield Data Security solution is not impacted by these vulnerabilities, thanks to our decryption implementation. Within SDS Enterprise, our mail add-in, Stormshield Data Mail for Outlook, uses a special mechanism to decrypt S/MIME and OpenPGP encrypted e-mail, and is therefore not vulnerable to Direct Exfiltration or CBC/CFB Gadget Attacks.

The full security advisory from our teams is available on our website: advisories.stormshield.eu. For more information on the vulnerabilities, visit the dedicated website.

About the author
Karine Monmarché, Global Lead Marketing, Stormshield

Karine is Global Lead Marketing at Stormshield. Her multi-expertise background includes marketing and communication in all their guises. Well-versed in strategic and service offer marketing, in external, internal, Web & editorial communication, she has dedicated her career to exploring the areas she is passionate about: energy and new technologies in the broadest possible sense.