Vulnerability in Pep (Pretty Easy Privacy) / Enigmail closed

Due to a vulnerability in the Pretty Easy Privacy feature, the Thunderbird Enigmail extension sometimes sent unencrypted e-mail that should have been encrypted. The cause was found and the problem solved. The software Pretty Easy Privacy (Pep) simplifies the handling of OpenPGP. It is delivered with the Thunderbird extension Enigmail. Due to a fatal error in the Windows version of the software, under certain circumstances emails could be transmitted unencrypted. The user was mistakenly informed that the e-mails had been encrypted. The bug was fixed by the Pep Foundation, who developed the software.

The bug was founded with version 1.0.23 of September 26th. The Pep Foundation responded immediately to the discovery of the vulnerability and pulled back the version on October 3. With the current version 1.0.24 the problem has been solved. It also introduced new tests and better error handling for Enigmail. The cause of the vulnerability was a build error in the Windows version of Enigmail / Pep. An unlinked library in Pep resulted in a crash and unencrypted messages. Enigmail sent the unencrypted e-mails for lack of appropriate error handling.

The footer still showed the ad “Privacy Status: Secure & Trusted”, which is supposed to appear only if the emails are encrypted. As a preliminary workaround, the Pep developers recommended that you switch off the Junior mode and only use the normal Enigmail functionality. With the new version this can be activated again safely.

Recent Articles

Most in-demand IT jobs from last decade

Uber for travel, Netflix for leisure and Google for everything is the ideal routine that we all wish to follow, of course with Instagram...

The finest text editor for professional bloggers

It is a fact that blogs have replaced books and magazines due to increasing popularity of the online world. Serious readers subscribe to blogs...

Angular 9 final release released

Angular 9 final is here! The new version was released a little late. Ivy is of course one of the new features, but that's...

VS Code update: New preview features, movable panel and Docker tutorials

The first VS Code update in 2020 was released. In addition to new preview features, parts of the workbench have been revised and the...

Purify: Library for functional programming in TypeScript

The Purify library was developed for functional programming in TypeScript. It should make it possible to use frequently used patterns from functional programming languages...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here