Title: PGP Outlook Plug-In Insecure Message Storage Vulnerability
Severity: MODERATE
Description:
PGP Security provides privacy and data confidentiality software. The Outlook Plug-in allows users to send and receive encrypted mail via Microsoft Outlook mail clients.
A problem has been discovered in PGP Outlook Plug-in which may create a false sense of security for users of this product.
When a user replies to an encrypted message, a decrypted copy of the message is saved silently to disk on the system. The user receives no notification of this event. The user may expect that the software is svaing the messages in the encrypted format, when in fact they are being saved in the decrypted format.
This issue only occurs when the user replies to a message and the "Automatically decrypt/verify when opening messages" option is checked, and "Always use Secure Viewer when decrypting" option is not checked.
Affected Products:
- Network Associates PGP 7.0.0
- Network Associates PGP 7.0.3
- Network Associates PGP 7.0.4
References:
- NTBugtraq: PGP 7.0 Outlook Plug-in flaw
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
