[GH-ISSUE #344] Security: Johnny, you are fired! #297

New issue

Open

opened 2026-02-25 21:34:40 +03:00 by kerem · 1 comment

kerem commented 2026-02-25 21:34:40 +03:00

Owner

Copy link

Originally created by @dumblob on GitHub (May 8, 2019).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/344

Originally assigned to: @Danelif on GitHub.

🗣 Suggestion

Recently I stumbled upon a paper “Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails evaluating few similar attack vectors on encrypted email communication. I think it's worth taking a look at as according to their findings (see Table 2 and onward) it seems affect vast majority of MUAs (standalone as well as web ones).

I didn't have time to evaluate Cypht for these vulnerabilities, but I think it should be done 😉.

Originally created by @dumblob on GitHub (May 8, 2019). Original GitHub issue: https://github.com/cypht-org/cypht/issues/344 Originally assigned to: @Danelif on GitHub. ## 🗣 Suggestion Recently I stumbled upon a paper [“Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails](https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf ) evaluating few similar attack vectors on encrypted email communication. I think it's worth taking a look at as according to their findings (see `Table 2` and onward) it seems affect **vast majority of MUAs** (standalone as well as web ones). I didn't have time to evaluate Cypht for these vulnerabilities, but I think it should be done :wink:.

kerem added the

research

PGP

labels 2026-02-25 21:34:40 +03:00

kerem commented 2026-02-25 21:34:40 +03:00

Author

Owner

Copy link

@marclaporte commented on GitHub (May 7, 2024):

@Danelif please advise

<!-- gh-comment-id:2097127657 --> @marclaporte commented on GitHub (May 7, 2024): @Danelif please advise

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

2.x

mta-sts-implementation

feat-compose-backspace-delete-recipients

release-2.5.1

add-tls3-support

1.4.x

enforce-coverage

release-2.4.2

strip_dns_prefetch_tags

fix_nightly_build

pr-title-validation-update

review-sent-email

revert-1339-fixed-tags-display

revert-1061-rem-cram-md5

sys-messages-revamp

revert-685-fixed-str-pos-warning-when-no-to

revert-590-empty-settings

release-1.3.0

revert-471-draft-add-warning

revert-454-feature/server-list-by-uniqid

php7.4-support

release-1.2.0

remove-mobile-media-queries

release-1.1.0

release-1.0.0

v2.7.0

v2.6.0

v2.5.1

v2.5.0

v1.4.7

v2.4.2

v2.4.1

v1.4.6

v1.4.5

v2.4.0

v2.3.0

v2.2.0

v1.4.4

v2.1.0

v2.0.1

v1.4.3

v2.0.0

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.3.0-rc3

v1.3.0-rc2

v1.3.0-rc1

v1.1.0

v1.1.0-rc4

v1.1.0-rc3

v1.1.0-rc2

v1.1.0-rc1

v1.0.0

v1.0.0-rc8

v1.0.0-rc7

v1.0.0-rc6

v1.0.0-rc5

v1.0.0-rc4

v1.0.0-rc3

v1.0.0-rc2

v1.0.0-rc1

Labels

Clear labels   

2fa

  

I18N

  

PGP

  

Security

  

Security

  

account

  

advanced_search

  

advanced_search

  

announcement

  

api_login

  

authentication

  

awaiting feedback

  

blocker

  

bug

  

bug

  

bug

  

calendar

  

config

  

contacts

  

core

  

core

  

devops

  

docker

  

docs

  

duplicate

  

dynamic_login

  

enhancement

  

epic

  

feature

  

feeds

  

framework

  

github

  

github

  

gmail_contacts

  

good first issue

  

help wanted

  

history

  

history

  

imap

  

imap_folders

  

inline_message

  

installation

  

keyboard_shortcuts

  

keyboard_shortcuts

  

ldap_contacts

  

mobile

  

need-ssh-access

  

new module set

  

nux

  

pop3

  

profiles

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactor

  

release

  

research

  

saved_searches

  

smtp

  

strategic

  

tags

  

tests

  

themes

  

website

  

wordpress

No labels

2fa

I18N

PGP

Security

Security

account

advanced_search

advanced_search

announcement

api_login

authentication

awaiting feedback

blocker

bug

bug

bug

calendar

config

contacts

core

core

devops

docker

docs

duplicate

dynamic_login

enhancement

epic

feature

feeds

framework

github

github

gmail_contacts

good first issue

help wanted

history

history

imap

imap_folders

inline_message

installation

keyboard_shortcuts

keyboard_shortcuts

ldap_contacts

mobile

need-ssh-access

new module set

nux

pop3

profiles

pull-request

question

refactor

release

research

saved_searches

smtp

strategic

tags

tests

themes

website

wordpress

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/cypht#297

No description provided.