New research has disclosed what’s being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm.
“The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook (ECB) mode of operation,” Finnish cybersecurity company WithSecure said in a report published last week.
Office 365 Message Encryption (OME) is a security mechanism used to send and receive encrypted email messages between users inside and outside an organization without revealing anything about the communications themselves.
A consequence of the newly disclosed issue is that rogue third parties gaining access to the encrypted email messages may be able to decipher the messages, effectively breaking confidentiality protections.
Electronic Codebook is one of the simplest modes of encryption, wherein each message block is encrypted separately under the same key, meaning identical plaintext blocks produce identical ciphertext blocks, making it unsuitable for use in a cryptographic protocol.