Dumb bug of the week: Outlook staples together encrypted emails and their plaintext versions when sending messages

www.theregister.co.uk | 10/11/2017 | Staff
princia (Posted by) Level 3

Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached.

You read that right: if you can intercept a network connection transferring an encrypted email, you can just read off the unencrypted copy stapled to it, if the programming blunder is triggered.

The bug is activated when Outlook users use S/MIME to encrypt messages and format their emails as plain text. When the memo is sent, the software reports that it was delivered in an encrypted form, and it appears that way in the Sent folder on Outlook – but attached to the ciphered text is an easily human-readable version of the same email. This somewhat derails the use of encryption.
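The condition described above can be checked for on outbound mail. The following is an added example, not code from the article or from SEC Consult: it assumes the readable copy travels as a `text/*` part alongside the `application/pkcs7-mime` part, a layout the article does not specify, and the function names and sample messages are constructed.

```python
# Added example (not from the article): flag mail that carries S/MIME
# ciphertext and readable text in the same message.
from email import message_from_bytes, policy

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def is_enveloped(part):
    """True for an S/MIME encrypted (enveloped-data) part."""
    if part.get_content_type() not in SMIME_TYPES:
        return False
    # smime-type is optional; signed-data / certs-only are not encryption.
    kind = (part.get_param("smime-type") or "enveloped-data").lower()
    return kind in ("enveloped-data", "authenveloped-data")

def has_readable_text(part):
    """True for a text/* part whose decoded body is not empty."""
    if part.get_content_maintype() != "text":
        return False
    return bool((part.get_payload(decode=True) or b"").strip())

def leaks_plaintext(raw):
    """True if one message holds an encrypted part AND readable text."""
    msg = message_from_bytes(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    return (any(is_enveloped(p) for p in leaves)
            and any(has_readable_text(p) for p in leaves))

# Constructed samples; the multipart layout of LEAKY is an assumption.
P7M = (b'Content-Type: application/pkcs7-mime; smime-type=enveloped-data;'
       b' name="smime.p7m"\nContent-Transfer-Encoding: base64\n\n'
       b'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=\n')
HEAD = b"From: a@example.com\nTo: b@example.com\nMIME-Version: 1.0\n"
CLEAN = HEAD + P7M
LEAKY = (HEAD + b'Content-Type: multipart/mixed; boundary="b1"\n\n'
         b'--b1\nContent-Type: text/plain; charset="us-ascii"\n\n'
         b'Q3 numbers: do not forward.\n'
         b'--b1\n' + P7M + b'--b1--\n')

if __name__ == "__main__":
    for name, raw in (("CLEAN", CLEAN), ("LEAKY", LEAKY)):
        print(name, "leaks plaintext:", leaks_plaintext(raw))
```

A footer or disclaimer appended by a mail gateway would also trip this check, so a hit is a prompt to inspect the message rather than proof of the bug.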

"This has been a rather unusual vulnerability discovery," said the SEC...
(Excerpt) Read more at: www.theregister.co.uk