EFAIL

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2018-004 CVE-2017-17688 , CVE-2017-17689 05/13/2018 low v1

Vulnerability details

EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails.

The two vulnerabilities, Direct Exfiltration and CBC/CFB Gadget Attack, could allow an attacker to exfiltrate sensitive data from encrypted emails.

 

Products

ProductSeverityDetail
Stormshield Network Security

None

SNS does not use OpenPGP nor S/MIME
Stormshield Endpoint Security

None

SES does not use OpenPGP nor S/MIME
Stormshield Data Security

None

Stormshield Data Mail for Outlook uses specific mechanism to decrypt S/MIME and PGP emails and is consequently not vulnerable to Direct Exfiltration nor to the CBC/CFB Gadget Attacks
Fast360

None

Fast does not use OpenPGP nor S/MIME
Netasq

None

Netasq does not use OpenPGP nor S/MIME

Revisions

Version Date Description
v1  05/17/2018 Initial release