September 22, 2023

Researches warned about a Electronic code book protocol that used by Microsoft for email encryption has a weakness that can leak information.

The NIST, the U.S. agency that develops encryption standards for civilian use, characterizes ECB as a severe security vulnerability.

Advertisements

Microsoft’s use of the algorithm for the purpose, encrypted email could betray its senders under conditions in which an adversary can gather large volumes of messages.

ECB encrypts repeated plaintext within a single message with the same characters, an authority able to capture and analyze email flows could infer parts of the encrypted text.

Researchers were able to extract a raw image file of the word fail printed in black against a background. The extraction was not perfect, but it was clear enough to read the text.

Microsoft, yet to assign a CVE tracker to the vulnerability.

Advertisements

Microsoft will continues to use algorithm, to support backward compatibility though it has a known problem. Without a ln alternate, stopping Electronic Code Book was difficult to get away from it without causing customers to lose the ability to decrypt old messages.

Tags:

Leave a Reply

You may have missed

Apple fixes trio of Zeroday Exploits

September 22, 2023

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023
%d bloggers like this: