Search The ForumSearch   RegisterRegister  LoginLogin

MailBee.NET Security
 AfterLogic Forum : MailBee.NET Security
Subject Topic: EFAIL and MailBee Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 25 March 2019 at 6:01am | IP Logged Quote mackolo22
Hello.
Currently I'm implementing mails decryption. I would like to know if you made any fixes due to EFAIL vulnerability. I created a sample mail message like in the example here: https://efail.de/ and loaded it using MailBee. MailMessage object says that message isn't encrypted and its body is just
"<img src=\"http://efail.de/"

Is your parser resistant to EFAIL attack or the mail I prepared could be invalid?
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 
Alex
AfterLogic Support
AfterLogic Support
Avatar

Joined: 19 November 2003
Online Status: Offline
Posts: 2206
Posted: 25 March 2019 at 6:08am | IP Logged Quote Alex
I believe it's resistant to this kind of attack because an unclosed HTML tag won't cause the subsequent content to be added in the tag's attribute value in case of or parser. We first locate MIME boundaries and only then analyze the content within them.

Regards,
Alex
Back to Top View Alex's Profile Search for other posts by Alex
 
mackolo22
Groupie
Groupie
Avatar

Joined: 09 October 2018
Location: Poland
Online Status: Offline
Posts: 41
Posted: 25 March 2019 at 6:30am | IP Logged Quote mackolo22
Thank you very much Alex. I'm glad to hear that.
Best regards.
Back to Top View mackolo22's Profile Search for other posts by mackolo22
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump

Powered by Web Wiz Forums version 7.9
Copyright ©2001-2004 Web Wiz Guide