Vulnerability in Pep (Pretty Easy Privacy) / Enigmail closed

Due to a vulnerability in the Pretty Easy Privacy feature, the Thunderbird Enigmail extension sometimes sent unencrypted e-mail that should have been encrypted. The cause was found and the problem solved. The software Pretty Easy Privacy (Pep) simplifies the handling of OpenPGP. It is delivered with the Thunderbird extension Enigmail. Due to a fatal error in the Windows version of the software, under certain circumstances emails could be transmitted unencrypted. The user was mistakenly informed that the e-mails had been encrypted. The bug was fixed by the Pep Foundation, who developed the software.

The bug was founded with version 1.0.23 of September 26th. The Pep Foundation responded immediately to the discovery of the vulnerability and pulled back the version on October 3. With the current version 1.0.24 the problem has been solved. It also introduced new tests and better error handling for Enigmail. The cause of the vulnerability was a build error in the Windows version of Enigmail / Pep. An unlinked library in Pep resulted in a crash and unencrypted messages. Enigmail sent the unencrypted e-mails for lack of appropriate error handling.

The footer still showed the ad “Privacy Status: Secure & Trusted”, which is supposed to appear only if the emails are encrypted. As a preliminary workaround, the Pep developers recommended that you switch off the Junior mode and only use the normal Enigmail functionality. With the new version this can be activated again safely.

Recent Articles

Angular 9 Next Versions: Ivy, Bazel and more

Angular 9 next versions are here. Besides updates to Ivy, the update includes three features for the Language Service and Service Worker and changes...

Google Releases Dart 2.5: Code Completion through Machine Learning

The latest version of Googles C-Alternative, Go 1.13, is barely released, as the JavaScript derivative of the Internet giant follows: Dart 2.5 is here!...

Laravel 6.0 is here: Support for Serverless Platform Laravel Vapor

A new update is available for the framework Laravel. Laravel 6.0 is compatible with Laravel Vapor, a serverless deployment platform. The development team has...

Microsoft’s FaaS service Azure Functions: Now with Python support

Azure Functions has received support for Python: Microsoft's FaaS service can host Python workloads for data science, machine learning, and more. So far, the...

On the way to Angular 9: Three bugfixes in Angular 9

With Angular 9.0.0-next.1 there is a second Next-Release available for Angular 9, which can now be tested. The number of changes to the version...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here