https://bugs.kde.org/show_bug.cgi?id=399055

            Bug ID: 399055
           Summary: Signature spoofing in PGP signed email (GUI layer)
           Product: trojita
           Version: unspecified
          Platform: unspecified
                OS: Linux
            Status: REPORTED
          Severity: minor
          Priority: NOR
         Component: Cryptography
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Dear Trojitá devs,

In the scope of academic research we discovered a (minor) PGP signature
validation issue in Trojitá based on how Trojitá presents the results of
signature verification to the user.

*** Prerequisites ***

It is assumed that the attacker, Eve, can send an email to Bob which -- on the
RFC822 layer -- looks like it originates from Alice (using the *From:* header).
Such email address spoofing should actually be prevented by digital signatures.
The attacker's goal is to have a spoofed PGP signature displayed by the
mail client, so that Bob thinks there is cryptographic proof of Alice being
the sender. The attack is successful if the fake signature is indistinguishable
from a real signed message by Alice on the first level of the UI -- i.e. by
just viewing the email without further investigating the signature details or
performing a forensic analysis.

*** Attack Description ***

Trojitá displays the status of the signature within the mail content itself.
However, this part of the UI is in control of the attacker. With modern HTML,
CSS or inline images a graphic showing "valid signature", appearing like the
real results of signature verification, can easily be forged. Note that this
attack works for signed-only as well as for signed and encrypted messages
because the HTML email content to display the fake signature can simply be
encrypted using Bob's public key.

*** Countermeasures ***

The results of signature verification are not to be shown in
attacker-controlled parts of the UI such as in the message content itself which
may contain arbitrary graphics.
