| Summary: | GPG signatures can be faked with HTML/CSS | | |
|---|---|---|---|
| Product: | [Applications] kmail2 | Reporter: | hanno |
| Component: | crypto | Assignee: | kdepim bugs <kdepim-bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | montel |
| Priority: | NOR | | |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Platform: | Other | | |
| OS: | Linux | | |
| Latest Commit: | https://commits.kde.org/messagelib/a19720ae8e0aa2074fe4f055bc0464948bdd0d36 | Version Fixed In: | 5.10.0 |
Attachments:
- sample mail "signed" with CSS/HTML
- fake mail
- real mail
Created attachment 114876 [details]
sample mail "signed" with CSS/HTML

In KMail, signed mails are indicated by a green border around the mail content. This can be almost perfectly simulated by rebuilding that border with an HTML table. I've attached an example and screenshots of both a fake and a real mail (they're visually identical, except for some minor font rendering details that are invisible when not zooming in). In the message list there's a small symbol indicating a signed message, so there they can be distinguished, although I doubt anyone will notice. If a message is opened in its own window there's no way to distinguish fake from real. The problem here is with the fact that a security indicator is part of an "attacker-controlled" space, i.e. the content of a mail that gives the other party extensive layout options.

Created attachment 114877 [details]
fake mail

Created attachment 114878 [details]
real mail

Indeed I confirm this bug. I will investigate how I can fix it.

Git commit a19720ae8e0aa2074fe4f055bc0464948bdd0d36 by Laurent Montel.
Committed on 11/09/2018 at 05:07.
Pushed by mlaurent into branch 'master'.

Fix Bug 398454 - GPG signatures can be faked with HTML/CSS
FIXED-IN: 5.10.0

M +27 -5 messageviewer/src/header/grantleeheaderformatter.cpp
M +18 -2 messageviewer/src/messageviewerheaderplugins/defaultgrantleeheaderstyleplugin/theme/5.2/header.html

https://commits.kde.org/messagelib/a19720ae8e0aa2074fe4f055bc0464948bdd0d36
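The design point the report makes, as an added example that is neither KMail's code nor the fix in the commit above: a viewer should derive its "signed" indicator from the MIME structure alone and render it in its own chrome, outside the body the sender controls. The two sample messages, the `signature_status`/`render` helper names and the placeholder signature block are constructed for this example; cryptographic verification of the signature is out of scope.

```python
from email import message_from_string
from email.message import Message

# Constructed sample: a plain HTML mail whose body merely *claims* to be signed.
FAKE_MAIL = """\
From: someone@example.invalid
Subject: looks signed
Content-Type: text/html; charset=utf-8

<p>This message is signed, trust it.</p>
"""

# Constructed sample: an RFC 3156 multipart/signed message; the signature
# block is a placeholder, cryptographic verification is out of scope here.
REAL_MAIL = """\
From: someone@example.invalid
Subject: really signed
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="b"

--b
Content-Type: text/plain; charset=utf-8

Hello
--b
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
PLACEHOLDER
-----END PGP SIGNATURE-----
--b--
"""

def signature_status(msg: Message) -> str:
    """'signed' only when the MIME structure says so; the body text is never consulted."""
    if msg.get_content_type() != "multipart/signed":
        return "unsigned"
    if msg.get_param("protocol") != "application/pgp-signature":
        return "unsigned"
    parts = msg.get_payload()
    if len(parts) != 2 or parts[1].get_content_type() != "application/pgp-signature":
        return "unsigned"
    return "signed"  # a real viewer still verifies the signature before trusting it

def render(raw: str) -> dict:
    """Keep the viewer-owned indicator apart from the untrusted body content."""
    msg = message_from_string(raw)
    body = msg.get_payload()[0] if msg.is_multipart() else msg
    return {"chrome": signature_status(msg),                 # viewer-owned
            "body": body.get_payload(decode=True).decode()}  # untrusted
```

Whatever the HTML in `body` draws, `chrome` stays "unsigned" for the fake mail, because the indicator never depends on rendered content.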