[kmail2] [Bug 404698] Decryption Oracle based on replying to PGP or S/MIME encrypted emails

Sandro Knauß bugzilla_noreply at kde.org
Tue Apr 9 21:54:50 BST 2019


https://bugs.kde.org/show_bug.cgi?id=404698

Sandro Knauß <sknauss at kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REPORTED                    |CONFIRMED
                 CC|                            |sknauss at kde.org
     Ever confirmed|0                           |1
            Version|unspecified                 |5.10.3

--- Comment #5 from Sandro Knauß <sknauss at kde.org> ---
(In reply to Daniel Vrátil from comment #3)
> In KMail this attack requires that the user enable the "Automatic decryption
> of encrypted messages when viewing" option in KMail settings, which is
> disabled by default.

As Jens already explained, this setting does not help here. This setting only
keeps decryption from being triggered directly when you view the mail. But if
you reply, the mail is decrypted in any case. And we use the same code paths for
rendering the view and preparing the reply/forward.
