"Majority of Encrypted Email Clients Vulnerable to Signature Spoofing"

Researchers from the Ruhr University Bochum and Munster University of Applied Sciences examined the implementation of two major email encryption standards, OpenPGP and S/MIME. According to the findings of this analysis, the majority of leading encrypted email clients that support these standards are vulnerable to digital signature spoofing. Five different classes of attack are described by researchers, which are CMS attacks, GnuPG API attacks, MIME attacks, ID attacks, and UI attacks. This article continues to discuss the susceptibility of encrypted email clients to digital signature spoofing, the classes of attack described by researchers, and what the results of this investigation suggest.  

SecurityWeek reports "Majority of Encrypted Email Clients Vulnerable to Signature Spoofing"