{"id":3269,"date":"2025-05-21T12:48:07","date_gmt":"2025-05-21T12:48:07","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3269"},"modified":"2025-05-21T12:48:07","modified_gmt":"2025-05-21T12:48:07","slug":"critical-flaw-in-openpgp-js-raises-alarms-for-encrypted-email-services","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3269","title":{"rendered":"Critical flaw in OpenPGP.js raises alarms for encrypted email services"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A newly discovered flaw in OpenPGP.js, a JavaScript cryptography library used by services like Proton Mail, could allow attackers to spoof messages that appear securely signed and encrypted, security researchers said.<\/p>\n<p>The flaw, identified as CVE-2025-47934 and assigned a critical severity rating, was discovered by Edoardo Geraci and Thomas Rinsma of Codean Labs. It stems from how the library\u2019s openpgp.verify and openpgp.decrypt functions process certain messages.<\/p>\n<p>According to an advisory posted on <a href=\"https:\/\/github.com\/openpgpjs\/openpgpjs\/security\/advisories\/GHSA-8qff-qr5q-5pr8\" target=\"_blank\" rel=\"noopener\">GitHub<\/a>, a specially crafted message could trick the system into confirming a valid signature, even when the message has not been properly signed.<\/p>\n<p>The issue raises concerns about the trustworthiness of encrypted communications relying on the library.<\/p>\n<p>\u201cIn order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker\u2019s choice, which will appear as legitimately signed by affected versions of OpenPGP.js,\u201d the advisory noted.<\/p>\n<p>The flaw would allow attackers to alter the content of inline-signed messages while still producing a result that indicates the signature is valid.<\/p>\n<p>In cases involving both signed and encrypted messages, an attacker with access to a legitimate signature could encrypt a different message of their choosing and have it appear authenticated.<\/p>\n<p>The affected versions are 5.0.1 to 5.11.2 and 6.0.0-alpha.0 to 6.1.0. The issue has been patched in versions 5.11.3 and 6.1.1. OpenPGP.js v4 is not affected.<\/p>\n<h2 class=\"wp-block-heading\">Impact of the flaw<\/h2>\n<p>The vulnerability could pose a significant risk, particularly to services like <a href=\"https:\/\/www.csoonline.com\/article\/559731\/encrypted-email-service-protonmail-is-now-accessible-over-tor.html\">Proton Mail<\/a> that depend on OpenPGP.js for client-side encryption. It specifically affects the way digital signatures are verified in some cases, such as with inline-signed messages.<\/p>\n<p>\u201cAn attacker who has access to both a signed message and its plaintext could craft a completely different message that still appears to be validly signed,\u201d said <a href=\"https:\/\/my.idc.com\/getdoc.jsp?containerId=PRF005665\" target=\"_blank\" rel=\"noopener\">Sakshi Grover<\/a>, senior research manager for IDC Asia Pacific Cybersecurity Services. \u201cThis compromises a fundamental promise of encrypted email, i.e., that a valid signature confirms the message hasn\u2019t been altered.\u201d<\/p>\n<p>Grover noted that the extent of the risk to Proton Mail users depends on how often the affected signature formats are used.<\/p>\n<p>While the flaw may have limited impact on day-to-day communications, it could pose a greater threat in high-risk situations or in environments where older or less secure formats are still in use.<\/p>\n<p>Proton Mail did not respond to a request for comment.<\/p>\n<h2 class=\"wp-block-heading\">Trusting open code<\/h2>\n<p>The incident also underscores a familiar trade-off. Open-source libraries such as OpenPGP.js are widely used because they offer transparency, broad adoption, and the advantages of community input and peer review.<\/p>\n<p>But <a href=\"https:\/\/www.csoonline.com\/article\/3992059\/trust-becomes-an-attack-vector-in-the-new-campaign-using-trojanized-keepass.html\">trusting open source libraries<\/a> also means inheriting any flaws they might have, even subtle ones, that can go unnoticed for years.<\/p>\n<p>\u201cThis vulnerability shows that even well-established crypto libraries can contain dangerous bugs, especially in edge cases,\u201d Grover said. \u201cThe risk is even greater when you consider <a href=\"https:\/\/www.csoonline.com\/article\/561323\/supply-chain-attacks-show-why-you-should-be-wary-of-third-party-providers.html\">supply chain threats<\/a> where there have been increasing concerns about malicious actors, including state-sponsored groups, attempting to inject or maintain backdoors in widely used libraries.\u201d<\/p>\n<p>Privacy-focused services should not rely solely on open-source tools, but also invest in regular code audits, <a href=\"https:\/\/www.csoonline.com\/article\/569225\/threat-modeling-explained-a-process-for-anticipating-cyber-attacks.html\">threat modelling<\/a>, and thorough testing against both common and advanced attack techniques, Grover said.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A newly discovered flaw in OpenPGP.js, a JavaScript cryptography library used by services like Proton Mail, could allow attackers to spoof messages that appear securely signed and encrypted, security researchers said. The flaw, identified as CVE-2025-47934 and assigned a critical severity rating, was discovered by Edoardo Geraci and Thomas Rinsma of Codean Labs. It stems [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":3267,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3269","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3269"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3269"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3269\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3267"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}