[kmail2] [Bug 404698] Decryption Oracle based on replying to PGP or S/MIME encrypted emails

Sandro Knauß Tue, 09 Apr 2019 13:55:17 -0700

https://bugs.kde.org/show_bug.cgi?id=404698


Sandro Knauß <skna...@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REPORTED                    |CONFIRMED
                 CC|                            |skna...@kde.org
     Ever confirmed|0                           |1
            Version|unspecified                 |5.10.3

--- Comment #5 from Sandro Knauß <skna...@kde.org> ---
(In reply to Daniel Vrátil from comment #3)
> In KMail this attack requires that user would enable "Automatic decryption
> of encrypted messages when viewing" option in KMail settings, which is
> disabled by default.

As Jens already explained, this setting does not help here. This Setting only
do not trigger decryption directly when you view the mail. But if you reply the
mail is decrypted in anycase. And we use the same code paths for rendering the
view and prepare the reply/forward.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[kmail2] [Bug 404698] Decryption Oracle based on replying to PGP or S/MIME encrypted emails

Reply via email to