March 25, 2023

Researches warned about a Electronic code book protocol that used by Microsoft for email encryption has a weakness that can leak information.

The NIST, the U.S. agency that develops encryption standards for civilian use, characterizes ECB as a severe security vulnerability.

Advertisements

Microsoft’s use of the algorithm for the purpose, encrypted email could betray its senders under conditions in which an adversary can gather large volumes of messages.

ECB encrypts repeated plaintext within a single message with the same characters, an authority able to capture and analyze email flows could infer parts of the encrypted text.

Researchers were able to extract a raw image file of the word fail printed in black against a background. The extraction was not perfect, but it was clear enough to read the text.

Microsoft, yet to assign a CVE tracker to the vulnerability.

Advertisements

Microsoft will continues to use algorithm, to support backward compatibility though it has a known problem. Without a ln alternate, stopping Electronic Code Book was difficult to get away from it without causing customers to lose the ability to decrypt old messages.

Tags:

Leave a Reply

You may have missed

Nexus Android Banking Trojan

Nexus Android Banking Trojan

March 25, 2023
CISA Releases Untitled Goose Tool

CISA Releases Untitled Goose Tool

March 25, 2023
Critical Vulnerability in Woocommerce Payment Plugin

Critical Vulnerability in Woocommerce Payment Plugin

March 25, 2023
Cl0P Ransomware havoc with GoAnywhere MFT Exploit

Cl0P Ransomware havoc with GoAnywhere MFT Exploit

March 25, 2023
CISA Pre Ransomware Notification Initiative

CISA Pre Ransomware Notification Initiative

March 25, 2023
Github seizes Exposed RSA SSH Key

Github seizes Exposed RSA SSH Key

March 24, 2023
%d bloggers like this: