Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

OpenPGP, S/MIME Mail Client Vulnerabilities

Last Revised

The CERT Coordination Center (CERT/CC) has released information on email client vulnerabilities that can reveal plaintext versions of OpenPGP- and S/MIME-encrypted emails. A remote attacker could exploit these vulnerabilities to obtain sensitive information.

NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU #122919, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.