ADVISORY: Efail…PGP Has an Email Problem?

Share and earn Cybytes
Facebook Twitter LinkedIn Email

Email continues to be one of the most popular ways to communicate in the world today. And given the rapidly evolving threat landscape, email encryption has never been more critical. Pretty Good Privacy (PGP) has long been a trusted platform for encrypted messaging and remains a popular method of sending secure, private email.

On May 14, a research team led by Sebastian Schinzel, researcher and professor of computer security at Münster University of Applied Sciences, disclosed critical vulnerabilities in implementations of several email clients and the OpenPGP and S/MIME standards that could be exploited to disclose sensitive information by exfiltrating plaintext of encrypted messages. It’s also possible that old messages which were previously encrypted could be disclosed.

The research team is using the name Efail to describe these vulnerabilities. They released a technical report with details. Essentially, Efail attacks exploit weaknesses in the various email clients, PGP and S/MIME, by tricking email clients into revealing the plaintext of the encrypted emails to the attacker. In the technical paper, researchers state that for the attack against the email clients that involves direct exfiltration, “EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.”

The second issue, named the CBC/CFB Gadget attack, abuses vulnerabilities in the specification of OpenPGP and S/MIME, thereby allowing the attacker to exfiltrate the plaintext from encrypted messages.

After reviewing the research, the Electronic Frontier Foundation (EFF) also stated it could “confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”

There’s an ongoing debate in the cybersecurity community whether these issues are in the specifications or the email clients. Some cybersecurity professionals have expressed concerns that the issue also affects the core protocol of PGP, including file encryption. GNU Privacy Guard tweeted, “They figured out mail clients which don’t properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation.”

Due to the risk and severity of the vulnerabilities, it’s likely the affected vendors will release patches to mitigate both these issues before a comprehensive evaluation of the PGP and S/MIME specifications are conducted.


There are currently no reliable fixes for these issues. There’s a large list of vendors affected (see section titled “Responsible Disclosure”).

Tenable Research is closely following the developing situation for these vulnerabilities:

  • CVE-2017-17688: OpenPGP CFB gadget attacks
  • CVE-2017-17689: S/MIME CBC gadget attacks

If OpenPGP is patched to detect and discard messages with modified ciphertext, Tenable’s container security would detect outdated versions. Similarly, when mail clients take steps to mitigate these issues, Container Security would detect those outdated versions as well.

We’re monitoring the situation and are actively working on releasing checks and plugins to help our customers determine if they’re vulnerable and assess their Cyber Exposure.

Some interim mitigations

  • Don’t decrypt email messages using vulnerable clients. Use a standalone application to decrypt email messages, so that direct exfiltration channels aren’t opened up as a result of these vulnerabilities. This trade-off involves the addition of an extra step when receiving encrypted messages.
  • Disable rendering of remote content in messages on email clients. This reduces the attack surface area and raises the bar for exploitation. However, this will also mean that active content in messages cannot be viewed.
  • Apply patches from vendors as soon as they are available.

Additional information

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Tenable
Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include over 50 percent of the Fortune 500, large government agencies and organizations across the private and public sectors. Learn more at
Promoted Content
Five Steps to Building a Successful Vulnerability Management Program
Is your vulnerability management program struggling? Despite proven technology solutions and the best efforts of IT teams, unresolved vulnerabilities remain an ongoing source of friction and frustration in many organizations. Regardless of how many vulnerabilities are fixed, there will always be vulnerabilities that can’t easily be remediated – and too often, finger-pointing between IT teams and business groups can ensue.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?