Bug let Enigmail add-on for Thunderbird send emails without encryption
An update has been released for a bug in the Enigmail add-on for the Thunderbird email client. As a result, when using pEp mode, emails were sent without encryption, although it appeared to be present. The problem only affected Windows users.
The bug occurred when using the Enigmail/p≡p software, the pEp Foundation reports in a blog post. On Windows, the bug caused emails to be sent without encryption, even though the software indicated that the message was encrypted. The error was related to a build error in version 1.0.23 of the pEp software discovered by C’t. The site wrote that this happened in the so-called Junior mode, which is activated by default in Enigmail.
Since March of this year, the pEp Foundation and Enigmail have combined their software in the form of Enigmail/p≡p, which should simplify the use of pgp encryption for new users. In addition, pEp stands for ‘pretty easy privacy’ and the software takes steps out of the user’s hands such as creating key pairs. In addition, encryption takes place automatically. Using pEp within the Enigmail add-on is standard for new users.
The bug was fixed on October 12 in version 1.0.24 of the pEp software, having been discovered on October 3 and present since September 26. The pEp Foundation reports that 6,000 people downloaded the software between September 26 and October 3. Distribution of the affected software version was halted upon discovery.
Enigmail is an add-on for Mozilla’s email client Thunderbird and allows to encrypt email using pgp encryption.