Wednesday, April 9, 2025
Follow us On Linkedin
HomeComputer SecurityCritical Vulnerabilities in PGP and S/MIME Email Encryption May Leak an Encrypted...

Critical Vulnerabilities in PGP and S/MIME Email Encryption May Leak an Encrypted Email in Plain Text

Computer SecuritySecurity NewsVulnerability

Published on

By Balaji
Critical Vulnerabilities in PGP and S/MIME Email Encryption May Leak an Encrypted Email in Plain Text

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A new set of Critical vulnerabilities affecting users of PGP and S/MIME Email encryption may reveal the encrypted Email’s in clear text including the past Emails.

PGP and S/MIME Email encryption is the widely used standard that developed to securely transmit the data over the network.

  • PGP(Pretty Good Privacy) is an encryption program that provides cryptographic privacy and authentication for data communication which is used for signing, encrypting, and decrypting texts in email communication.
  • S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data.

In this case, researchers advised to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.

- Advertisement - Google News

Sebastian Schinzel, a professor of computer security at Münster University of Applied Sciences said, “We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 “07:00 UTC”

Aslo he said in his next tweet, “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now”.

A complete information about this serious flaw will be published on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).

Before that researchers warn the wider PGP user community in advance of its full publication to reduce the short-term risk.

In order to reduce the risk, Electronic Frontier Foundation warned used to disable PGP and related plugins in following Email client.

Before mitigated against this vulnerability by the wider community, the user can follow this steps for a temporary fix to avoid this flaw to be exploited by hackers.

Full details of this critical flaw will be published soon so stay tuned with us, we will come back with complete technical information.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Press Release

Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed

Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super...
CVE/vulnerability

Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation

Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain...
Adobe

Adobe Security Update: Patches Released for Multiple Product Vulnerabilities

Adobe has announced critical security updates for several of its popular software products, addressing...
cyber security

HollowQuill Malware Targets Government Agencies Globally Through Weaponized PDF Documents

In a disturbing escalation of cyber threats, a new malware campaign dubbed 'HollowQuill' has...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

CVE/vulnerability

Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation

Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain...
Adobe

Adobe Security Update: Patches Released for Multiple Product Vulnerabilities

Adobe has announced critical security updates for several of its popular software products, addressing...
CVE/vulnerability

CISA Alerts on Active Exploitation of CentreStack Hard-Coded Key Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert highlighting a critical...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved