{"id":64377,"date":"2019-05-06T14:16:55","date_gmt":"2019-05-06T12:16:55","guid":{"rendered":"https:\/\/blog.mailfence.com\/mailfence-nao-afetado-pelas-vulnerabilidades-falsificacao-assinatura-openpgp\/"},"modified":"2024-06-04T15:58:21","modified_gmt":"2024-06-04T13:58:21","slug":"mailfence-nao-afetado-pelas-vulnerabilidades-falsificacao-assinatura-openpgp","status":"publish","type":"post","link":"https:\/\/blog.mailfence.com\/pt\/mailfence-nao-afetado-pelas-vulnerabilidades-falsificacao-assinatura-openpgp\/","title":{"rendered":"O Mailfence n\u00e3o \u00e9 afetado pelas vulnerabilidades de falsifica\u00e7\u00e3o de assinatura do OpenPGP"},"content":{"rendered":"\n

Novas vulnerabilidades em muitos clientes de e-mail com OpenPGP e S\/MIME foram anunciadas em 2019-04-30. Essas vulnerabilidades de falsifica\u00e7\u00e3o de assinatura exploram pontos fracos na maneira como as assinaturas do OpenPGP s\u00e3o verificadas pelos clientes de e-mail e como o resultado da verifica\u00e7\u00e3o \u00e9 apresentado ao usu\u00e1rio. De acordo com nossa an\u00e1lise, o Mailfence n\u00e3o \u00e9 afetado pelas vulnerabilidades de falsifica\u00e7\u00e3o de assinatura do OpenPGP.<\/strong><\/p>\n\n\n\n

Por que o Mailfence n\u00e3o \u00e9 afetado pela falsifica\u00e7\u00e3o de assinatura do OpenPGP<\/h2>\n\n\n\n
\"Signature<\/figure>\n\n\n\n
\"Signature<\/figure>\n\n\n\n

O modelo do agressor mencionado no documento t\u00e9cnico<\/a> \u00e9 o seguinte:<\/p>\n\n\n\n

    \n
  1. O cabe\u00e7alho ‘De:’ do e-mail \u00e9 falsificado pelo invasor usando t\u00e9cnicas de representa\u00e7\u00e3o conhecidas.<\/li>\n\n\n\n
  2. O atacante obteve pelo menos uma assinatura v\u00e1lida do OpenPGP<\/a> falsificando conversas de e-mail anteriores do usu\u00e1rio.<\/li>\n\n\n\n
  3. A v\u00edtima do lado da recep\u00e7\u00e3o j\u00e1 possui uma chave p\u00fablica confi\u00e1vel do remetente falsificado.<\/li>\n<\/ol>\n\n\n\n

    Aqui est\u00e3o os ataques demonstrados pelos pesquisadores de seguran\u00e7a:<\/p>\n\n\n\n

    CMS attacks<\/h3>\n\n\n\n

    Mailfence does not treat container format used by S\/MIME i.e.., Cryptographic Message Syntax (CMS) and is therefore not impacted by this type of attack.<\/p>\n\n\n\n

    GPG API specific issue<\/h3>\n\n\n\n

    Mailfence does not use GPG engine and as such is not impacted by GnuPG API specific issues.<\/p>\n\n\n\n

    MIME attacks<\/h3>\n\n\n\n

    Mailfence signature verification methodology does not regard partially signed and\/or embedded signed sub-parts within a multipart message as valid. In most cases, such messages will be regarded as invalid. Moreover, any active content is always disabled by default. This means, as you opens a signed message, only the valid (correctly recognized) signature verification is performed.<\/p>\n\n\n\n

    ID attacks<\/h3>\n\n\n\n

    Mailfence does not attempt to bind signature identity with sender address, and only shows the signature verification result. When in doubt, users can always check the the identity of signer by clicking on the signature verification message and match it with the sender address. Concerning displaying the FROM field, Mailfence correctly handles any special characters that might try to manipulate its UI presentation to the user.<\/p>\n\n\n\n

    UI Attacks<\/strong><\/h3>\n\n\n\n

    Since Mailfence blocks all active content by default, any attempt to mimick the signature verification result using e.g., HTML, CSS, or inline images, will not succeed. In such cases, only the valid (i.e., correctly recognized) signature verification message will be displayed.<\/p>\n\n\n\n

    Recomenda\u00e7\u00f5es para usu\u00e1rios que usam clientes de e-mail afetados por spoofing de assinatura<\/h2>\n\n\n\n

    Recomendamos que voc\u00ea execute as seguintes etapas de atenua\u00e7\u00e3o, se estiver usando sua conta do Mailfence com qualquer um dos clientes de e-mail afetados mencionados<\/a>, a fim de proteger-se contra falsifica\u00e7\u00e3o de assinaturas.<\/p>\n\n\n\n