PGP Outlook Plug-In Insecure Message Storage Vulnerability

PGP Outlook Plug-In Insecure Message Storage Vulnerability

PGP Security provides privacy and data confidentiality software. The Outlook Plug-in allows users to send and receive encrypted mail via Microsoft Outlook mail clients.

A problem has been discovered in PGP Outlook Plug-in which may create a false sense of security for users of this product.

When a user replies to an encrypted message, a decrypted copy of the message is saved silently to disk on the system. The user receives no notification of this event.

This issue only occurs when the user replies to a message and the "Automatically decrypt/verify when opening messages" option is checked, and "Always use Secure Viewer when decrypting" option is not checked.