CVE-2017-17688 CVE-2017-17689 eFail


#1 Dave Farrow

    PSIRT


Posted 14 May 2018 - 06:48 PM

No Barracuda products or services decrypt email messages sent using the OpenPGP or S/MIME standards. They are, therefore, not vulnerable.

We are also unaware of any vulnerabilities in our products or services that would allow an attacker to modify customer emails. Such modification is a requirement for attempting to exploit an end user.

Barracuda customers may be vulnerable to this attack if they are using one of the email client / encryption methods which researchers have identified as vulnerable. Matthew Green (@matthew_d_green) has posted a very helpful Twitter thread with a chart of vulnerable combinations here: https://twitter.com/matthew_d_green/status/995989254143606789.

Customers are encouraged to follow the remediation steps documented on the https://efail.de website.