Jump to content



CVE-2017-17688 CVE-2017-17689 eFail

This topic has been archived. This means that you cannot reply to this topic.
No replies to this topic

#1 Dave Farrow

Dave Farrow


  • Moderators
  • 35 posts

Posted 14 May 2018 - 06:48 PM

No Barracuda products or services decrypt email messages sent using the OpenGPG or S/MIME standards. They are, therefor, not vulnerable.


We are also unaware of any vulnerabilities in our products or services that would allow an attacker to modify customer emails. Such modification is a requirement for attempting to exploit an end user.


Barracuda customers may be vulnerable to this attack if they are using one of the email client / encryption methods which researchers have have identified as vulnerable. Matthew Green (@matthew_d_green) has posted a very helpful twitter thread with a chart of vulnerable combinations here: https://twitter.com/matthew_d_green/status/995989254143606789.


Customers are encouraged to follow the remediation steps documented on the https://efail.dewebsite.