EFAIL

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2018-004 CVE-2017-17688 , CVE-2017-17689 05/13/2018 low v1

Vulnerability details

EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails.

The two vulnerabilities, Direct Exfiltration and CBC/CFB Gadget Attack, could allow an attacker to exfiltrate sensitive data from encrypted emails.

 

Impacted products

ProductsSeverityDetail

Revisions

Version Date Description
v1  05/17/2018 Initial release