The announcement of the Efail vulnerability has led to a surge of contradicting opinions and statements. After having read the paper and having performed extensive tests against Kopano over the last few days, we can now state the following:
- To be sure that your sent messages are not tampered with, you should always sign your messages, even when you are already encrypting them.
- Kopano WebApp is not vulnerable to Direct Exfiltration since on decryption unencrypted parts get cleaned and replaced in the mail viewer.
- S/MIME ís vulnerable to the shown CBC/CFB gadget attack. This is, unfortunately, something in the design of S/MIME. The only way around this is to only display the plain text part when viewing S/MIME messages.
We do see more chances to reduce the possibility of leaking access information, like disabling the on-demand fetching of intermediate CAs and disabling OSCP verification by default. These changes will be incorporated in future releases of the S/MIME plugin for Kopano WebApp.
If you have any questions about Efail and Kopano, please do not hesitate to contact us via firstname.lastname@example.org.