Security researchers have found a vulnerability in OpenPGP and S/MIME. The exact details about this vulnerability are not published yet. At this moment we are busy to investigate the effects on our product.
Different organizations have advised not to use OpenPGP or S/MIME anymore, while other ‘experts’ are speaking about a minor vulnerability and that there is no reason for panic. However we would like to inform you about the rumor which has spread.
Our first investigations comes up with the following recommendations:
- Although the encryption could be vulnerable, it is still better to use encryption
- If you have high security demands, in your Mail client you can use plain text i.s.o. HTML. By doing this, S/Mime and OpenPGP are not vulnerable for the found issue.
- By using an additional opaque-signature, the signature can’t be removed during a Man-in-the-Middle Attack.
The webmail and PDFmail functionality are not vulnerable and are still safe and secure to use. As soon as we have more information, we will update you.