EFAIL

Efail, also written EFAIL, is a security hole in email systems that can transmit content in encrypted form. It allows attackers to access the decrypted content of an email if the email contains active content such as HTML or JavaScript, or if loading of external content has been enabled in the client. Affected email clients include Gmail, Apple Mail, and Microsoft Outlook.

Two related Common Vulnerabilities and Exposures IDs, CVE-2017-17688 and CVE-2017-17689, have been issued. The security gap was made public on 13 May 2018 by Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky and Jörg Schwenk as part of a contribution to the 27th USENIX Security Symposium, Baltimore, August 2018.

As a result of the vulnerability, a vulnerable email client can transmit the content of an attacked encrypted email to the attacker in plain text. The encryption keys used are not disclosed.
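
A client-side check for the precondition described above, written as an added example (not code from the Efail paper or from any mail client): it lists markup in a message's HTML parts that would run code or fetch external content when rendered, so that such a message can be displayed with remote loading blocked. The names audit_message and RemoteContentFinder, the tag and attribute lists, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Illustrative, non-exhaustive lists (assumptions of this example).
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
FETCH_ATTRS = {"src", "background", "poster"}  # fetched while rendering
REMOTE_PREFIXES = ("http://", "https://", "//")

class RemoteContentFinder(HTMLParser):
    """Collects markup that would run code or trigger a network request."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active", tag, ""))
        for name, value in attrs:
            fetches = name in FETCH_ATTRS or (tag == "link" and name == "href")
            if fetches and value and value.strip().lower().startswith(REMOTE_PREFIXES):
                self.findings.append(("remote", tag, value.strip()))

def audit_message(raw):
    """Return (kind, tag, url) findings for every text/html part of a message."""
    findings = []
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder = RemoteContentFinder()
            finder.feed(part.get_content())
            finder.close()
            findings.extend(finder.findings)
    return findings

# Constructed sample: a multipart message as the client sees it after decryption.
SAMPLE = (
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n--b1\n"
    "Content-Type: text/plain\n\nhello\n"
    "--b1\nContent-Type: text/html\n\n"
    '<p>hello</p><img src="http://tracker.example/p.png"><script>x()</script>'
    '<a href="https://example.org/">link</a>\n'
    "--b1--\n"
)

if __name__ == "__main__":
    print(audit_message(SAMPLE))
```

An empty result means the HTML parts contain nothing from the lists above; the ordinary hyperlink in the sample is not reported because it is only followed on a click, not during rendering.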