Tutanota Encrypted Email Missing MAC

The symmetric-key encryption used in Tutanota is vulnerable to ciphertext malleability (a.k.a. arbitrary bit rewriting), since they fail to authenticate their ciphertexts.

Leave a Reply