[#327] User ID spoofing attack on WinPT

I'm not sure why I did not respond to this one.

But the scenario has several problems. First, it assumes that the message is properly encoded according to the victims environment. This is manageable, I agree.

But WinPT/gpgme uses the recipients key ID for encryption, not the userid/email. Using the non-unique pattern for key selection is a security risk anyway.

So if you major concern is that sensitive text could be encrypted with the wrong key, WinPT was never vulnerable because the key IDs are used.

And I don't want to be pedantic, but isn't it already public when you post a security report to a tracker of a public website?

Since I have not heard back I am planning to disclose the vulnerability to the public in the next few days. Please let me know if you would like to postpone the disclosure.

Considering the "freeze" announcement from the beginning of April, do you still plan to resolve this issue in a near future?

I would like to publicly disclose the vulnerability but I have no problem waiting for an updated WinPT for a month or two. On the other hand, if your other commitments do not allow you to work on WinPT then the users should be warned about this issue even without WinPT getting fixed.

In any case I need to change the display form for long user IDs but display the entire user ID when it is very long is no solution because it makes proper dialog handling impossible.

Thanks for your opinion, I might move this topic to a gnupg mailing list to discuss this more in detail.

Re communication:
No problem, you can reach me as nnposter324 at users.sourceforge.net (remove 324).

Re two-email pattern:
Actually checking for the two-email pattern might not cover all the cases. As an example, I could just pad the second UID with spaces and add the victim as a properly formatted 3rd UID. This way I have avoided the pattern while the victim UID is still not visible during the import or key signing. It would of course show up during key edit or signature listing.

Alternatively I could make the 2nd UID as "AttackerSSSSSSSSS<victim@bar.com>", which would also avoid the pattern and it would appear to the target as a UID without any e-mail. The victim e-mail address would not get disclosed during the import, key signing, and even signature listing. It would still show up in the key edit window.

Probably one of the best approaches is to either (1) display the entire UID text, regardless of size, and scale all the windows accordingly or (2) show just the leading part, just like now, but add a strong indicator of truncation, such as:

Attacker <attacker@foo.org>...(352 hidden chars)

Your attack is based on an user ID which contains more than
one email address and thus it would be easy to check for such
suspicious pattern, right?

Propably this could lead to problems with 'free form' user IDs
but IMHO they are seldom and they would only cause trouble if they contain 2 email addresses.

I see some scenarios are possible but first,

please do not use the tracker directly to post security
issues which could be exploited by some bad guys. This way I've no chance to provide a fix and release a new version ASAP, without the fear that some 'script kiddies' use the attack to compromise systems with a vulnerable program version (!)

I don't say such things should be kept in secret, but as usual the vendors (in this case it's me via PM) should be contacted first.

I would prefer to continue this discussion via mail, ok?