[kmail2] [Bug 335117] New: Information leak when using GPG on Bcc recipients
Dominik George
nik at naturalnet.de
Wed May 21 08:57:03 BST 2014
https://bugs.kde.org/show_bug.cgi?id=335117
Bug ID: 335117
Summary: Information leak when using GPG on Bcc recipients
Classification: Unclassified
Product: kmail2
Version: 4.12.4
Platform: Debian unstable
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: crypto
Assignee: kdepim-bugs at kde.org
Reporter: nik at naturalnet.de
When sending e-mail to several recipients, of which some are Bcc with the
intention to hide them from the other recipients, using GPG leaks information
about those because the used encryption keys are visible on the encrypted
message.
GPG has a -R option that hides the used encryption key, and this method is most
likely also exposed through whatever KMail uses to run GPG. It should be used
for all Bcc recipients in order to not disclose their existence!
Reproducible: Always
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list