efail and pgp/gpg

Emil Lundberg lundberg.emil at gmail.com
Wed May 30 21:47:53 CEST 2018


Yes, the efail vulnerability is specifically that a maliciously crafted
e-mail could cause an e-mail client to inject decrypted cleartext into URLs
in HTML content (like an <img src>) - thus exposing the cleartext to the
server hosting that URL.

Pass is not affected.

/Emil


On Mon, 21 May 2018, 11:21 Ben Oliver, <ben at bfoliver.com> wrote:

> On 18-05-21 12:07:30, Vlad Nastasiu wrote:
> >Hello,
> >
> >I have a noob question: does the efail vuln affect password store in any
> >way?
> >https://efail.de/
>
> I am by no means an authority on it but from what I gather it's a
> problem with how Mail Clients read HTML. Shouldn't be an issue with
> pass.