granicus.if.org Git - mutt/commit
Add $include_encrypted config to prevent reply-decryption attack.
author Kevin McCarthy <kevin@8t8.us>
Fri, 22 Feb 2019 21:50:52 +0000 (13:50 -0800)
committer Kevin McCarthy <kevin@8t8.us>
Mon, 4 Mar 2019 04:24:43 +0000 (12:24 +0800)
commit 67bdfa3110d22c00fe658ce464a6eb515fbfc590
tree 4ed0693fa4af23db431ea61e60e4b5fc952132f5
parent 128baa52e5ad912e3127926937934e1cb8d31c5f

@jensvoid, in cooperation with Ruhr-Uni Bochum and FH Münster,
Germany, reported a possible "Oracle decryption" attack on various
mail clients.  An attacker could include previously encrypted contents
they obtained access to, and include it in a message.  Replying
without trimming would include the decrypted contents.

This attack relies on several "ifs", and is more dangerous for clients
that compose HTML mail.  However, it is still an issue that an
unwary/busy Mutt user could fall for.

Add a new config $include_encrypted, defaulting off, to reduce the
possibility of the user being unaware of previously encrypted parts in
the reply.  Only the main initial encrypted part will be included in
the reply.
handler.c
init.h
mutt.h
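
The reply policy described in the commit message, modelled as an added example (this is not Mutt's handler.c code): walk a message's MIME tree and report which encrypted parts a reply would quote when the option is off or on. The function name `classify_parts`, the set of content types treated as encrypted, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumption: content types this sketch treats as encrypted containers.
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pkcs7-mime"}

# Constructed sample: cleartext note plus an encrypted part added as a sibling.
SAMPLE = """\
Subject: quick question
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

Could you reply with your thoughts?
--outer
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"

--inner
Content-Type: application/pgp-encrypted

Version: 1
--inner
Content-Type: application/octet-stream

(placeholder, not real ciphertext)
--inner--
--outer--
"""

def classify_parts(msg, include_encrypted=False):
    """List (path, content_type, decision) for every encrypted part found."""
    found = []

    def walk(part, path, is_root):
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            # The main (root) encrypted part is always quoted; any other one
            # is quoted only when the user opted in.
            keep = is_root or include_encrypted
            found.append((path, ctype, "include" if keep else "skip"))
            return  # do not descend into the ciphertext container
        if part.is_multipart():
            for i, child in enumerate(part.get_payload(), start=1):
                walk(child, f"{path}.{i}", False)

    walk(msg, "root", True)
    return found

if __name__ == "__main__":
    print(classify_parts(message_from_string(SAMPLE)))
```

A "skip" decision on a non-root part is the case the commit message is concerned with: an encrypted part sitting beside cleartext that the user may not notice before replying.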