[OpenPGP]
Email clients vulnerable / not-vulnerable.
https://efail.de/media/efail-disclosure-pgp.png
On the
S/MIME side, only Claws and Mutt were found not vulnerable.
Efail
-
Mitigations
From the
GnuPG statement:
1. This paper is misnamed.
It's not an attack on OpenPGP. It's an attack on broken email clients that ignore GnuPG's warnings and do silly things after being warned.
2. This attack targets buggy email clients. Correct use of the MDC completely prevents this attack. GnuPG has had MDC support since the summer of 2000.